Re: [lamps] Proposed addition of header protection to the LAMPS charter

"John R Levine" <johnl@taugh.com> Mon, 12 November 2018 16:51 UTC

Date: Mon, 12 Nov 2018 11:51:48 -0500
Message-ID: <alpine.OSX.2.21.1811121138140.12656@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: spasm@ietf.org, housley@vigilsec.com
In-Reply-To: <877ehiwaob.fsf@fifthhorseman.net>
References: <20181106045754.7331F2007FC274@dhcp-8071.meeting.ietf.org> <877ehiwaob.fsf@fifthhorseman.net>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/LqBtzn0sL5UsY_iM30uSVea1tlg>
Subject: Re: [lamps] Proposed addition of header protection to the LAMPS charter

On Mon, 12 Nov 2018, Daniel Kahn Gillmor wrote:
>> they looked in their mail programs.  The only thing that was
>> consistent from one MUA to another was that they looked awful.
>
> John, if you have the infrastructure set up to generate screenshots of
> e-mail messages on multiple MUAs (particularly those that handle message
> encryption and/or signatures), i'd love to take advantage of it!  If
> it's something you can share, please let me know (off-list is fine if
> it's not something you can make broadly public).

I have the code that wraps and responds lying around somewhere.  I'll see 
if I can find what addresses it's attached to.  I don't have any 
screenshot tools beyond what anyone has on a Mac or a phone.

> There are multiple clients already doing header protection today,
> interoperably (e.g. enigmail and K-9 mail).  This is not a code-free
> exercise :)

The question isn't whether it's possible to write applications that can 
wrap and unwrap mail.  Of course it is.  The question is whether it's 
usable at scale.  Two niche applications do not scale make.  Get Oath and 
Gmail to implement it in webmail and MS to put it in Outlook, and then 
it'll be interesting.

If e2e encrypted mail becomes at all popular outside of small closed 
communities it will be useless because 95%* of it will be spam and 
malware.  Spam filtering depends both on metadata which the MTA can use 
with encrypted mail and with body filtering which it can't.  Filters need 
to look at the contents and correlate them with the contents of other 
messages both to look for bulk mail, and to recognize and deflect links to 
phishes and malware.

The mail community has known about this issue for a long time and so far 
we have no idea what to do about it other than giving your keys to your 
MTA so it can unwrap and filter.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

* - that's how much of mail is spam and malware these days
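An added example, not code from this thread or from any of the clients mentioned, sketching the wrap/unwrap structure header protection uses (the real headers travel inside a message/rfc822 body that is then signed or encrypted) and the point about what an MTA-side filter can still inspect once that body is opaque to it. Every address, URL, header value and message text here is constructed; the choice of which fields the outer message keeps in clear is an assumption for illustration.

```python
"""Constructed demo: wrap a message's headers into a message/rfc822 body,
unwrap it at the receiver, and compare what an MTA filter can see with a
readable body versus an opaque (encrypted) one."""
import re
from email import message_from_bytes, policy

# Constructed inner message: the headers the user cares about travel inside.
INNER = (b"From: alice@example.org\r\nTo: bob@example.net\r\n"
         b"Subject: Q3 invoice, please pay\r\nDate: Mon, 12 Nov 2018 11:51:48 -0500\r\n"
         b"Message-ID: <inner-1@example.org>\r\n\r\n"
         b"Hi Bob, the invoice is at https://pay.example.invalid/123\r\n")

# Assumed choice: only these outer fields stay in clear for transport.
TRANSPORT_FIELDS = ("From", "To", "Date")


def wrap(inner_bytes: bytes) -> bytes:
    """Outer message with minimal headers; its body is the whole inner message
    as message/rfc822 (the part that would then be signed and/or encrypted)."""
    inner = message_from_bytes(inner_bytes, policy=policy.default)
    outer = [f"{f}: {inner[f]}" for f in TRANSPORT_FIELDS]
    outer += ["Subject: ...", "MIME-Version: 1.0", "Content-Type: message/rfc822", ""]
    return "\r\n".join(outer).encode() + b"\r\n" + inner_bytes


def unwrap(outer_bytes: bytes):
    """Receiver side: recover the protected inner message from the wrapper."""
    outer = message_from_bytes(outer_bytes, policy=policy.default)
    if outer.get_content_type() != "message/rfc822":
        raise ValueError("not a wrapped message")
    return outer.get_payload(0)


def filter_view(outer_bytes: bytes, body_readable: bool) -> dict:
    """What a spam/malware filter at the MTA can inspect. With an encrypted body
    (body_readable=False) only the outer header metadata is available; the
    protected Subject and any links in the body text are not."""
    outer = message_from_bytes(outer_bytes, policy=policy.default)
    view = {"outer_headers": {k: str(outer[k]) for k in ("From", "To", "Date", "Subject")},
            "inner_subject": None, "urls": []}
    if body_readable:
        inner = unwrap(outer_bytes)
        view["inner_subject"] = str(inner["Subject"])
        view["urls"] = re.findall(r"https?://\S+", inner.get_content())
    return view
```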