[plasma] why not web portal mail?

Trevor Freeman <trevorf@exchange.microsoft.com> Wed, 06 April 2011 19:32 UTC

From: Trevor Freeman <trevorf@exchange.microsoft.com>
To: "plasma@ietf.org" <plasma@ietf.org>
Date: Wed, 6 Apr 2011 19:33:19 +0000
Subject: [plasma] why not web portal mail?
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>

Stephen Farrell asked why not use Web portal mail? Why do we need to develop plasma?

I don't think we concisely answered that question in the BoF and it is an important data point.

The web portal mail products are used where there is no way to securely deliver sensitive mail to a recipient outside the sender's organization. The message is held within the sender's organization and a notification email is sent to the recipient. The notification email contains an HTTPS URI to the original message with the sensitive content.

This model works OK if it is bilateral communication, e.g. doctor-patient, where you want to reply to the sender. This has been deployed with my healthcare provider and we can exchange messages. However, the notification emails are very generic by design, so it is hard to find specific messages in your inbox other than by date and time sent. It also means useful features like inbox search don't work, as you only have the notification message in your inbox.

This model fails totally if it's multilateral communication where you want to reply all or forward messages. The message never leaves the originator's organization, so you cannot originate a new message as if it were from a recipient's organization. This means for a business-to-business scenario it would hinder the use of email for collaboration.

With these limitations I think it's clear that plasma offers some significant benefits over web portal email.

Dr Trevor Freeman, Senior Security Strategist
End to End Trust Team <http://www.microsoft.com/mscorp/twc/endtoendtrust/default.mspx>
Microsoft Trustworthy Computing <http://www.microsoft.com/mscorp/twc/default.mspx>