Re: [saag] Ubiquitous Encryption: spam filtering
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 30 June 2015 03:13 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DD8E1B2FCC for <saag@ietfa.amsl.com>; Mon, 29 Jun 2015 20:13:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BhStRFxxBgRL for <saag@ietfa.amsl.com>; Mon, 29 Jun 2015 20:13:21 -0700 (PDT)
Received: from mail-la0-x236.google.com (mail-la0-x236.google.com [IPv6:2a00:1450:4010:c03::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 170041B2FCE for <saag@ietf.org>; Mon, 29 Jun 2015 20:13:21 -0700 (PDT)
Received: by lagh6 with SMTP id h6so75824330lag.2 for <saag@ietf.org>; Mon, 29 Jun 2015 20:13:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=wTisPEyRiQ1Q67T3CH87FGLDRpzjPdwKghoVQI64J6Q=; b=D9PVNKATa7byQWNXH3aI6/vUJ1bXUQi+HcTGYgC0qRjyXJPBni0aoS4DlDbWGM+nIC SCdboZJrw18N0B3ojOwDrY2wH66eYRLaYPYg6H6phI7XVSmoEvF8rqa/I54/5r+R3SQ0 0LaNErKte8pWKahw8jTh6Pf1lmgb5PTaGNsJHynfTKzjmQ3l1CRoTQ7wjAsTZCvWQ8Xj YYMjSzJzgiNZ1pE0/nSxZhcie+DuA215AIVADqHGcHnvu4yMNBxlFR7by0dGG5l15rzV oeEPJdlHLItkfFXqH3otWfpeEkodZusQCWJRXiuBWthkE4yPrR61Evta9UJoAv9ELK6g L4TA==
MIME-Version: 1.0
X-Received: by 10.112.164.35 with SMTP id yn3mr11965722lbb.91.1435633999523; Mon, 29 Jun 2015 20:13:19 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Mon, 29 Jun 2015 20:13:19 -0700 (PDT)
In-Reply-To: <20150623151902.89304.qmail@ary.lan>
References: <20150623151902.89304.qmail@ary.lan>
Date: Mon, 29 Jun 2015 23:13:19 -0400
X-Google-Sender-Auth: 2Hpo5ESsflq3--zI8z0CiAvikeM
Message-ID: <CAMm+LwjG7=r1B5J2P9WNpEefs9kC+b9ZLM+Q71-KJ=3jb6Gq_Q@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: John Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="001a11c3353091b3430519b39687"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/b0QkS7Pagsi_mjD5cD1uJrtOufI>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: spam filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 03:13:22 -0000
On Tue, Jun 23, 2015 at 11:19 AM, John Levine <johnl@taugh.com> wrote: > I can't find in the archives whether the ubiquitous encryption > discussion has looked at the knotty issues of spam filtering. > > It's a really hard problem -- filtering is essential to keep mail > usable, both due to the sheer volume of the spam and the need to keep > phishing and malware away from recipients. You can do some filtering > on the envelope, but there's no substitute for looking at the contents > of the message. > > All of the middlebox issues apply, it's much easier to do the > filtering on a large shared server than at endpoints. Partly that's > because the endpoints often have limited bandwidth and compute power > (think phones) and partly it's because effective filtering needs to > consult shared frequently updated lists of malware signatures and > malicious urls. > I don't think it is actually much of a problem in practice. People just have to be prepared to accept that they probably don't want end-to-end encrypted mail from people they don't know. Once that is accepted, the solutions are fairly straightforward, the publicly visible email encryption key is to the spam filter, after a reply send an end to end key... Main constraint is that you don't want to accept end-to-end encrypted email unless it is signed by someone you know. So the endy mail problem becomes an introduction problem.
- [saag] Ubiquitous Encryption: spam filtering John Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Nico Williams
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering joel jaeggli
- Re: [saag] Ubiquitous Encryption: spam filtering Eliot Lear
- Re: [saag] Ubiquitous Encryption: spam filtering Dave Crocker
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker