Re: [saag] Ubiquitous Encryption: spam filtering
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 02 July 2015 14:51 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFEE31A8979 for <saag@ietfa.amsl.com>; Thu, 2 Jul 2015 07:51:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.424
X-Spam-Level: *
X-Spam-Status: No, score=1.424 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JQlQ2pYAFgDB for <saag@ietfa.amsl.com>; Thu, 2 Jul 2015 07:51:15 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 658041A896D for <saag@ietf.org>; Thu, 2 Jul 2015 07:51:15 -0700 (PDT)
Received: by lbbpo10 with SMTP id po10so33575131lbb.3 for <saag@ietf.org>; Thu, 02 Jul 2015 07:51:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=eL79rNf/m10syINClb5YB4Ao/6J7m5AUQwTrAtwd79g=; b=V3a8aejN7fS1Noh+Syi/c5cFy4QGMBluNtmpBxHKvYehaMFGA84IKofrRJZ7rUrn8Y FTYGUR2+pktScz66UsbvzIBM75hnGBgplb3QIH/tpMyAQJxC7Y1n9BbPZjVp2pRbGNqv zrjRzVECk+g3OxGTMFceuxUKC1Pdd21pB9xfiKOq1TTmDsB8zb1Z4EMwZ7AZ+bKlkCuD V6cTDw3qFgSo1RLliiI/jHz5Hy7IURItL0uV8Zk/bjOqlNAXjP/YB2oIjc9VTplmlqc+ +zCLTmUck4+QNqUYbeBI5kjyNnsTKlcRZY3gbz3zoNpMKS1Mn01h585tt1MmV4JKGVYW 32hw==
MIME-Version: 1.0
X-Received: by 10.152.36.65 with SMTP id o1mr31595830laj.55.1435848673541; Thu, 02 Jul 2015 07:51:13 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Thu, 2 Jul 2015 07:51:13 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.11.1506301600130.78297@ary.lan>
References: <20150623151902.89304.qmail@ary.lan> <CAMm+LwjG7=r1B5J2P9WNpEefs9kC+b9ZLM+Q71-KJ=3jb6Gq_Q@mail.gmail.com> <559236DF.7080203@bogus.com> <CAMm+Lwhcx-AGo_T1E4cjNoAP9n4xnGweGebq2z4cHRpWBNopTA@mail.gmail.com> <alpine.OSX.2.11.1506301600130.78297@ary.lan>
Date: Thu, 02 Jul 2015 10:51:13 -0400
X-Google-Sender-Auth: ZqMSSl3VVSy1m15A7zoRCWAvcUE
Message-ID: <CAMm+LwhyPVoC8=YMvCq3kA0SPqP0gpRUewwaH7nh+7qPDJ1uAw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="089e0158b6c223444e0519e59264"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/oxm_qhsezYwoyDhaAwZ-DPtiupM>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: spam filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2015 14:51:17 -0000
On Tue, Jun 30, 2015 at 4:04 PM, John R Levine <johnl@taugh.com> wrote: > The first last and only reason phishing is possible is that we use >> authentication credentials that we expect people to keep in their head, >> never write down and only ever give them to people who are trustworthy. >> > > That's some of it, but I've seen malware that does MITM attacks to > redirect transactions authenticated with uncompromised two-factor devices. > If all of the pieces are used exactly correctly, you're pretty secure, but > we know how likely that is in the long term. > > Like I said about spam, it's a hard problem. In spam, exempting people > you know from spam filtering doesn't work. Partly that's because the > introduction problem is as hard as the spam problem, partly that's because > it'll just push spammers toward using compromised legit accounts, something > they do a lot of already. I have no idea why we are still stuck with that junk. Yes, they have the same problems as passwords. But these days the programs run on mobile supercomputers with communications and touch screen displays known as 'smartphones'. Bank sends a request to the phone/watch saying 'do you want to transfer $10,000' Phone/watch authenticates request, gets user input, signs request, returns response to bank. The keys used for signing need never leave the device. OK I know exactly why we are stuck with the junk. Hence my proposal for the mesh.
- [saag] Ubiquitous Encryption: spam filtering John Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Nico Williams
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering joel jaeggli
- Re: [saag] Ubiquitous Encryption: spam filtering Eliot Lear
- Re: [saag] Ubiquitous Encryption: spam filtering Dave Crocker
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker