IETF Logo Mail Archive

Re: [therightkey] Secure e-mail, and why it's not an intractable problem

Olaf Kolkman <olaf@NLnetLabs.nl> Wed, 15 February 2012 16:06 UTC

Return-Path: <olaf@NLnetLabs.nl>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BA1121F8744 for <therightkey@ietfa.amsl.com>; Wed, 15 Feb 2012 08:06:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.564
X-Spam-Level:
X-Spam-Status: No, score=-102.564 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jm3rL1PDHInl for <therightkey@ietfa.amsl.com>; Wed, 15 Feb 2012 08:06:27 -0800 (PST)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 25BF421F8742 for <therightkey@ietf.org>; Wed, 15 Feb 2012 08:06:26 -0800 (PST)
Received: from [IPv6:2001:7b8:206:1:ba8d:12ff:fe04:cd14] ([IPv6:2001:7b8:206:1:ba8d:12ff:fe04:cd14]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.4/8.14.4) with ESMTP id q1FG6ENc033431 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 15 Feb 2012 17:06:14 +0100 (CET) (envelope-from olaf@NLnetLabs.nl)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1329321980; bh=sfTgsPG59+ycXKMpls37ptOooZ6kHhNp+yIIJi0qUoM=; h=Subject:Mime-Version:Content-Type:From:In-Reply-To:Date:Cc: Message-Id:References:To; b=hygS9d+LoQAepBZMfA0YFluDJIHOXYLYJ3eMRKz0ETmPP8M3FQIK2C6QaMOGyHdk6 JNGpOUUT1PMT1pZ5aiVngypWDuSURISY84EfWtatgLnIJso8BP+ylUv7FFObYMAixD nWsxpxiuf+IzLy6oj6sDQDElkOMN9VNA381xsmbc=
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_02E68E83-69B1-49D2-B5AC-A26E980E3B0A"; protocol="application/pgp-signature"; micalg="pgp-sha1"
From: Olaf Kolkman <olaf@NLnetLabs.nl>
In-Reply-To: <CAMm+LwjohMLZM2uXLr1h3ptxMJ=eRiFEOXE_PaEsH26zxVrYQA@mail.gmail.com>
Date: Wed, 15 Feb 2012 17:06:08 +0100
Message-Id: <B3BB526F-B88D-4154-886D-ED8F2AFD2688@NLnetLabs.nl>
References: <12020712051780_4AE3A@oregon.uoregon.edu> <p06240811cb57510cf463@10.120.131.43> <CAMm+LwjKyDGfscfsGoOHXkb9Qd2JHk3p=Jz7vQW4LneS+h9FMQ@mail.gmail.com> <p06240806cb5859f9dd7d@192.67.20.202> <64BDD821-80B9-4FF6-9E91-72A3A515AA77@gmail.com> <p06240811cb589ebb3ede@192.67.20.202> <CAMm+Lwh9dGzrjRAgb-xSUGJ_TDgJzYW3udKFD6bKxGaHRVBNgw@mail.gmail.com> <4F332B39.7090805@cs.tcd.ie> <gyf7kr1r41fhpiqu04jezwJv4X.penango@mail.gmail.com> <CAK3OfOj8Mz90VMJHC_kyjdy3ng95n8p=GiDKjvsLEW3JCToLPA@mail.gmail.com> <CAMm+LwjohMLZM2uXLr1h3ptxMJ=eRiFEOXE_PaEsH26zxVrYQA@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1257)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]); Wed, 15 Feb 2012 17:06:16 +0100 (CET)
Cc: Nico Williams <nico@cryptonector.com>, "therightkey@ietf.org" <therightkey@ietf.org>, Kyle Hamilton <aerowolf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [therightkey] Secure e-mail, and why it's not an intractable problem
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2012 16:06:32 -0000

On Feb 9, 2012, at 2:16 PM, Phillip Hallam-Baker wrote:

> For Alice and Bob there are many possible paths:
> 
> I very often start writing an email message on one machine and
> continue on another. In the course of a typical day I use a minimum of
> one PC, one Macbook, one iPhone and my work iPad. So for me it is
> actually quite usual for me to start writing an email on the Mac and
> continue on the PC. I typically read the messages on whichever one of
> the four machines is close at hand.
> 
> So the arity of the relationships is:
> 
> MUA -> MTA:  Many -> 1
> MTA -> MTA:  1 -> 1
> MTA -> MUA:  1-> Many
> 
> Now a good email setup should of course have multiple MTAs. But they
> should have a setup that makes them look like a single logical unit.
> There are many mail servers for example.com but only one logical mail
> service.
> 
> So now we see why security policy driven by MUA published security
> policy is going to fail: there is no consistency in the MUA loop. I
> read mail on four separate devices. They have no way to communicate
> between themselves to negotiate a common security policy and I
> certainly would not want them to.
> 
> Conclusion:
> 
> 1) Security policy is a property of MTAs and not MUAs and hence of
> domains and not accounts.


I am wading through the list trying to catch up... and something in the above makes me wonder.

You start of with Alice and Bob, describe a relation between machinery, and conclude that the security policy is a property of the machinery.

Why is the security policy not tied to Alice and Bob?


--Olaf


________________________________________________________ 

Olaf M. Kolkman                        NLnet Labs
http://www.nlnetlabs.nl/

v2.23.0 | Report a Bug | By Email