Re: [therightkey] Will the real RPF please stand up?
Stephen Kent <kent@bbn.com> Thu, 09 February 2012 17:59 UTC
Date: Thu, 09 Feb 2012 12:34:00 -0500
To: Phillip Hallam-Baker <hallam@gmail.com>
From: Stephen Kent <kent@bbn.com>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Will the real RPF please stand up?

At 8:22 PM -0500 2/8/12, Phillip Hallam-Baker wrote:
>Alice has three mobile phones and six laptops.
>
>Using embedded keys in those devices for authorization is no problem
>since each device can have a separate private key and the
>authentication server tracks the fact that there are nine devices that
>might authenticate Alice.
>
>The same model can even be made to work for confidentiality. Alice can
>read her DRM protected Kindle content on any one of those devices.
>(Though there may be limits on how many devices the DRM scheme will
>permit).
>
>
>Trying to make S/MIME email work in that scenario is futile. The
>sender only tracks one private key for Alice. So Alice has to export
>her private key to all her S/MIME clients. Not only is that terrible
>security practice, it is too much work. Worse, Alice has to repeat the
>process once a year.
>
>That is why I no longer believe that end-to-end is a desirable
>quality. A security requirement that does not consider the cost it
>imposes versus the risks it mitigates is ideology.

OK, now I understand your argument (aided by 5 paragraphs of explanatory text).

If this is the major issue, then, for the S/MIME context, one could develop procedures for easy, secure xfer of private keys between devices, so that Alice could have the same key for encryption (more properly decryption) for S/MIME. Procedures for doing this have been proposed in security conferences for at least a decade.

Also, this is an issue only for encrypted S/MIME messages, not signed messages. Outside of enterprise contexts I rarely see encrypted messages, and I don't think the problem you cited is the primary reason for this.

Steve