Re: [pkix] Identified Work Items and Discussion Summary (was: possible new pkix and/or smime work)
Tom Ritter <tom@ritter.vg> Fri, 01 April 2016 18:16 UTC
Return-Path: <tom@ritter.vg>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C69212D55A for <pkix@ietfa.amsl.com>; Fri, 1 Apr 2016 11:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ritter.vg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GuIl2pd6Agxp for <pkix@ietfa.amsl.com>; Fri, 1 Apr 2016 11:16:41 -0700 (PDT)
Received: from mail-yw0-x231.google.com (mail-yw0-x231.google.com [IPv6:2607:f8b0:4002:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1D0812D172 for <pkix@ietf.org>; Fri, 1 Apr 2016 11:16:41 -0700 (PDT)
Received: by mail-yw0-x231.google.com with SMTP id d68so40670568ywe.1 for <pkix@ietf.org>; Fri, 01 Apr 2016 11:16:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/ODaKAhHeIveA91AYaZ290MeCfl/j7TF2K1WKeppD4I=; b=WnNcHg76LruVnMhFsNVzVe8auUxwnUQ9ypKPjSVjBU+/nI0ozzjHaKWnkZmp9F8Cpb 0dCBsvrI8xBPBSklwZOZNGMeUKIVOknUmTitIFilkvQo9pD+HNtQztwJVWPzvO1LOfaJ epIMh6CjKSY4P1TQCHHY9/S7zE3uGZr2n9qMA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/ODaKAhHeIveA91AYaZ290MeCfl/j7TF2K1WKeppD4I=; b=f+d64EC3JYTtIX+ng9LZ86DMwbWhz/VdKUnHjlrV/MrT2FQu7mTKp/duxofKlT4O/k brEp4NqLkkNPFKkdpJ415/ti+2OBFXEoN9xzAtpQvc7RjLu4zfbRR1auN2qlAqvx/5Vr 1EW1cHEWN8OdBAPKLkJIwYRpYrnhbbdyEw9l4zUTzCUhXJdx/9vKK5zpzt7c02qMJ3aS pfGMjngNBmwyUUUtgguiiUaQxaGZomGw9E7RkhoKDBs5Opmx/flWYQiWm9Er14S+AWCF Km49EqJH77wbjrNMmpyGrlwpCgJJZ/cPow63luZCKQ57oqcp2KmPbFcGO+lVH46mjGA4 4l7Q==
X-Gm-Message-State: AD7BkJLUgJmtnHpjwHQ8V2JrnKOhOVc4rXsze7p6TxUZzqss5neQ0OGZxrE7IVZ+v7ZJSRh3n/hceTGJ2dUbmC2+
X-Received: by 10.129.72.148 with SMTP id v142mr10799254ywa.228.1459534600855; Fri, 01 Apr 2016 11:16:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.126.197 with HTTP; Fri, 1 Apr 2016 11:16:21 -0700 (PDT)
In-Reply-To: <CAAFsWK0KVvyYDHQKHRxLhqsyUEmV2QeYhLpsp67vCr7BLvoPow@mail.gmail.com>
References: <CAAFsWK1BDEFOALrcgjw9iHw5D9jZeLAp7bAurs3bqgQb0UxhrQ@mail.gmail.com> <CA+cU71=umYrYfJfG8CQ0tf=P5FuvxW7W4JAcz+060g2VdsmAXg@mail.gmail.com> <alpine.OSX.2.11.1604011242410.58572@ary.lan> <CAAFsWK0KVvyYDHQKHRxLhqsyUEmV2QeYhLpsp67vCr7BLvoPow@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 01 Apr 2016 13:16:21 -0500
Message-ID: <CA+cU71k=78xwt0sD-jHhLFG-+fGHLTbYUrpNv-G6nzGjCZEhcg@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/v4GsMrSfQaLlKh7TaUL5Q394PI8>
Cc: PKIX <pkix@ietf.org>, John R Levine <johnl@taugh.com>, IETF SMIME <smime@ietf.org>
Subject: Re: [pkix] Identified Work Items and Discussion Summary (was: possible new pkix and/or smime work)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Apr 2016 18:16:44 -0000
On 1 April 2016 at 12:47, Wei Chuang <weihaw@google.com> wrote: > There's also an experimental RFC7508 "Securing Header Fields with S/MIME" > plus RFC5751 mentions using message/rfc822 though that is not completely > specified. One issue likely common with these approaches is keeping private > the sender and recipient(s). I've pitched the idea of doing some form of > onion routing to mitigate that. Hopefully these are things folks would be > interested in pursuing. I'm super interested in that. I've been interested and worked casually on mix networks for a bit, for strong anonymity. But there are lots of problems there, including reliability (and throughput) of nodes, abuse, and of course the 'going dark on spam' problem . Lately I've been thinking about something weaker and potentially more deployable. Model it as four parties at play: Sender, Receiver, Sender Provider, Receiver Provider. Right now each party sees everything - goal is to reduce that. One idea I've had is that each provider can publish a remailer@provider.com address. You encrypt a message to remailer@gmail.com specifying alice@gmail.com as the recipient with the body additionally encrypted (or not) to Alice. Google decrypts and then forwards to Alice. This makes the Recipient private from the Sender Provider, and doesn't impact any sort of incoming spam controls. (It does impact outgoing spam controls to a certain degree.) Another idea is that the sending provider can strip all identifying information from the message as it passes through them. The information is contained inside the encrypted envelope to the final recipient. Sending provider will still know who's sending the message (SMTP authentication) - but the Receiving Provider doesn't learn the Sender. You've got lots of concerns about impersonation here, but I think we could device a cryptographic protocol that gives the Sending Provider assurance the Sender isn't trying to masquerade as someone else. (The simplest one would just have the Sending Provider encrypt the Sender to the Recipient.) -tom
- [pkix] Identified Work Items and Discussion Summa… Wei Chuang
- Re: [pkix] Identified Work Items and Discussion S… Stephen Farrell
- Re: [pkix] Identified Work Items and Discussion S… Tom Ritter
- Re: [pkix] Identified Work Items and Discussion S… John R Levine
- Re: [pkix] Identified Work Items and Discussion S… Wei Chuang
- Re: [pkix] Identified Work Items and Discussion S… Tom Ritter
- Re: [pkix] Identified Work Items and Discussion S… Stephen Farrell
- [pkix] Room change wasRe: Identified Work Items a… Stephen Farrell
- Re: [pkix] Identified Work Items and Discussion S… Dr. Pala