Re: [therightkey] Secure e-mail, and why it's not an intractable problem
Olaf Kolkman <olaf@NLnetLabs.nl> Wed, 15 February 2012 16:06 UTC
On Feb 9, 2012, at 2:16 PM, Phillip Hallam-Baker wrote:

> For Alice and Bob there are many possible paths:
>
> I very often start writing an email message on one machine and
> continue on another. In the course of a typical day I use a minimum of
> one PC, one Macbook, one iPhone and my work iPad. So for me it is
> actually quite usual for me to start writing an email on the Mac and
> continue on the PC. I typically read the messages on whichever one of
> the four machines is close at hand.
>
> So the arity of the relationships is:
>
> MUA -> MTA: Many -> 1
> MTA -> MTA: 1 -> 1
> MTA -> MUA: 1 -> Many
>
> Now a good email setup should of course have multiple MTAs. But they
> should have a setup that makes them look like a single logical unit.
> There are many mail servers for example.com but only one logical mail
> service.
>
> So now we see why security policy driven by MUA published security
> policy is going to fail: there is no consistency in the MUA loop. I
> read mail on four separate devices. They have no way to communicate
> between themselves to negotiate a common security policy and I
> certainly would not want them to.
>
> Conclusion:
>
> 1) Security policy is a property of MTAs and not MUAs and hence of
> domains and not accounts.

I am wading through the list trying to catch up... and something in the above makes me wonder.

You start off with Alice and Bob, describe a relation between machinery, and conclude that the security policy is a property of the machinery. Why is the security policy not tied to Alice and Bob?

--Olaf

________________________________________________________

Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/