Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
Ted Lemon <mellon@fugue.com> Wed, 02 December 2015 13:50 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDEEE1A8F41; Wed, 2 Dec 2015 05:50:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dItOb2mJwMis; Wed, 2 Dec 2015 05:50:55 -0800 (PST)
Received: from fugue.com (mail-2.fugue.com [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by ietfa.amsl.com (Postfix) with ESMTP id B713F1A8F3F; Wed, 2 Dec 2015 05:50:54 -0800 (PST)
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14490642509200.3453761243727058"
From: Ted Lemon <mellon@fugue.com>
To: shutup@ietf.org
In-Reply-To: <565EB238.6060207@pscs.co.uk>
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <01PTPUIP3IUK01729W@mauve.mrochek.com> <11d014e5-9a6a-4b78-92a1-8e0a1e0a905d@gulbrandsen.priv.no> <lGTaHvC8ygXWFAuu@highwayman.com> <57B818513A0069189BA3CF41@JcK-HP8200.jck.com> <1449014394167-7d2dec58-2c6a9ae8-33fc8e7a@fugue.com> <565E4CCF.3080901@mustelids.ca> <1449024914920-c367c12b-5b2db232-b118a379@fugue.com> <565EB238.6060207@pscs.co.uk>
Date: Wed, 02 Dec 2015 13:50:50 +0000
Message-Id: <1449064251263-c451a28b-ba1e4af8-62e69b69@fugue.com>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/pwsV8qLvGWuzdEMhsGcnnWNVsAs>
Cc: ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 13:50:58 -0000
Wednesday, Dec 2, 2015 3:56 AM Paul Smith wrote: > The thing is that whatever you do to email, the weak link is always the human. Humans are the ones who respond to Nigerian princes, they're the ones who think it's OK to send their bank password by email to anyone who asks for it in an authoritative way, etc. > > So, training HAS to be done, otherwise people will lose privacy. Look, I'm really sorry to keep harping on this, because I know it's a bit off topic and probably annoying, but your model of how to do security for end users is simply wrong. The way you prevent people from getting scammed is to by default not deliver email from people they don't know. I realize this is anathema to a lot of email folks, but that's why facebook is more popular than email now: facebook doesn't deliver spam from people you haven't friended. The way you prevent people from getting their passwords ripped is to not give them passwords. The tokbind working group is working this problem, and the solution they have is a good one, which we will undoubtedly see deployed in the future. It's true that it's not available now, and the vulnerability that you cite does exist now. This is a problem we need to solve, not an inevitable quality of online technology. Security technology based on physical tokens is also getting better/more accessible. It's worth noting that Nigerian scammers typically scam people who have actual cognitive deficits, not regular people. People aren't actually all equally gullible, and there are lots of people who are skeptical enough that they can benefit from privacy protections even in the absence of secure token binding and physical tokens. > Of course, most people don't really care about privacy whatever they say (witness all the personal information posted to Facebook/Twitter/etc) so it doesn't matter that they can't be trained. The ones who do really care about their privacy are the ones who will train themselves if the information is available to them. This doesn't reflect what people who actually study this issue are saying. People do care about privacy. They just can't get it. Even though they can't get it, they do take measures to get it to the extent that they can. It's true that not everybody does this, but it is not true that most people just don't care. If you ask them "do you care about privacy," they might say no, but if for example you ask them "do you care if thieves know whether or not you are out of town," they will say yes. So saying that because people don't care about privacy, we shouldn't try to protect their privacy, is wrong on two counts: first it's wrong that people don't care about privacy, and second it's wrong that we shouldn't try to protect people from threats of which they are not presently aware. -- Sent from Whiteout Mail - https://whiteout.io My PGP key: https://keys.whiteout.io/mellon@fugue.com
- Re: [Shutup] Proposed Charter for something Ted Lemon
- [Shutup] Proposed Charter for the "SMTP Headers U… Alexey Melnikov
- Re: [Shutup] Proposed Charter for the "SMTP Heade… John R Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Alexey Melnikov
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Jim Fenton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Rolf E. Sonneveld
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Newman
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] chained authorizationm, was Proposed… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] chained authorizationm, was Proposed… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Randall Gellens
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Tony Finch
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen (b)
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Simon Josefsson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… MH Michael Hammer (5304)
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
- [Shutup] Proposed Charter for the "SMTP Headers U… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
- Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Martijn Grooten
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for something John Levine
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Robert A. Rosenberg
- Re: [Shutup] Proposed Charter for something Dave Crocker
- Re: [Shutup] Proposed Charter for something Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for som… John C Klensin
- Re: [Shutup] Proposed Charter for something Stephen Farrell
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Stephen Farrell
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for som… Chris Lewis
- Re: [Shutup] Proposed Charter for something Hector Santos