Re: [perpass] Another mail-related proposal

Jim Fenton <fenton@bluepopcorn.net> Mon, 19 August 2013 20:49 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D21111E82F3 for <perpass@ietfa.amsl.com>; Mon, 19 Aug 2013 13:49:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KM-lyddRZI17 for <perpass@ietfa.amsl.com>; Mon, 19 Aug 2013 13:49:24 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) by ietfa.amsl.com (Postfix) with ESMTP id 4F0AB11E82EF for <perpass@ietf.org>; Mon, 19 Aug 2013 13:49:16 -0700 (PDT)
Received: from splunge-2.local (70-90-161-117-ca.sfba.hfc.comcastbusiness.net [70.90.161.117]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id r7JIrdRL007444; Mon, 19 Aug 2013 11:53:40 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1376938420; bh=kOeHDXWWbjwfjBWzHkb3sqftp0A6JIIMubVFlEXc+IE=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=VwuKF5ucp6xEpB9rtok3Y211Aq2LdtkUZMEU0SRaUW6VyfdGGvIhVHZ1ng8tEa7bV 8azyO3RPh5UTh6aFVNtM71cnuSf8m7c5Jfl3wsISgF06BT2lilasR79IstI5whqJkr IQ1c9OCJLoIrnePC6IIObsIX6E+0eRKDRoGbks1Q=
Message-ID: <521269AF.9010509@bluepopcorn.net>
Date: Mon, 19 Aug 2013 11:53:35 -0700
From: Jim Fenton <fenton@bluepopcorn.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>
References: <520FE08B.80005@bluepopcorn.net> <alpine.LFD.2.10.1308171723400.14413@bofh.nohats.ca> <5210643F.8030709@bluepopcorn.net> <m2bo4vcuup.wl%randy@psg.com> <5210F771.9090600@bluepopcorn.net> <CE6EFE2E-83A6-4245-BC04-20033A162A12@checkpoint.com>
In-Reply-To: <CE6EFE2E-83A6-4245-BC04-20033A162A12@checkpoint.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Randy Bush <randy@psg.com>, "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Another mail-related proposal
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Aug 2013 20:49:27 -0000

On 8/18/13 11:49 AM, Yoav Nir wrote:
> On Aug 18, 2013, at 7:33 PM, Jim Fenton <fenton@bluepopcorn.net>
>  wrote:
>
>> On 08/18/2013 12:37 AM, Randy Bush wrote:
>>>> I'm having more trouble coming up with use cases where I'd want to
>>>> reject messages that don't use PGP or S/MIME.
>>> visualize a future world where e2e message privacy is the default.  in
>>> that world, some parties could view an unencrypted message as an attack.
>> I'm curious what sort of attack you're envisioning here: what are the
>> motives of the attacker, and what is the harm to the attacked party? I
>> have one idea -- a bit of a stretch IMO -- see below. But I wonder if
>> there are others.
> Here's one. You and Randy are exchanging some emails. They're all encrypted, so listening in on your conversation is either impossible or prohibitively expensive. But the attacker finds some bug in your mail client, that makes it forget (or distrust) Randy's public key. Absent a public key, your mail client sends in the clear, and because of some BC code from the days when not all mail was encrypted, Randy's mail client displays the message. Because we all quote extensively, getting your side of the conversation is enough.
>
> So the unencrypted message is not in itself an attack, but it is evidence of an attack. Does that mean it should be rejected? On the one hand, it's best to stop the conversation because it's not protected (and evidently is of some interest to someone). On the other hand, it makes no sense that the last message should be only available to an attacker. If some server in the middle is set up to drop all messages that are not encrypted (and the receiver has published a public key), this server may end up being before the point where the attacker is listening, foiling the attack. So I guess that could be an argument for dropping.
>
That's an interesting use case, in part because something similar
happened to me the other day. I had sent a PGP-encrypted message to
someone who (not Randy of course) replied in the clear, quoting much of
my original message. The message wasn't all that sensitive, and my
correspondent was a new PGP user, but it seemed like a breach of etiquette.

In your example, the attack is only foiled if the attacker has not
monitored the link between the originator and the server in the middle,
which will not be the case if monitoring is indeed pervasive. Transport
encryption might help with this.

One of the difficulties I see is that the policy (perhaps not the best
word) for expressing a desire for all mail to be e2e encrypted is very
fine grained -- probably down to the individual email address.
Publishing and querying that information is likely to involve a whole
new set of of privacy concerns. Note, for example, that I'm not
suggesting that we publish that preference with WebFinger.

-Jim