Re: [saag] Ubiquitous Encryption: spam filtering

Dave Crocker <dhc@dcrocker.net> Tue, 30 June 2015 18:43 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/dleGdHNzs3ohTA_uAPML_uSl7gs>

On 6/29/2015 11:27 PM, joel jaeggli wrote:
> On 6/29/15 8:13 PM, Phillip Hallam-Baker wrote:
>> Main constraint is that you don't want to accept end-to-end encrypted
>> email unless it is signed by someone you know. So the endy mail problem
>> becomes an introduction problem. 
> 
> The fact that parties that are known to each other have not in general
> been mutually authenticated is a, if not the, significant conduit of
> phishing.


There is a very strong tendency to try to characterize one or another
underlying aspect of human communication as simple, and therefore to
believe that imposing adequate quality control on its conduct is
relatively straightforward.

As an example, new contacts from individuals with whom one has had no
previous contact constitute an essential component of human
communication.  The constraint stated at the top of this message would
eliminate that capability.

(Another problem with the constraint is that, as noted, it ignores
various other abuse vectors that are based on exploiting those we
already know.)


For every line of anti-abuse pursuit or proposed mechanism for
controlling it, one should always begin by asking how badly it is
Procrustean and whether chopping or stretching online communications
that little bit more really is tolerable.  When the answer is yes,
consider carefully who is making the assessment and what gives them the
right to add that (global) restriction...

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net