Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Nico Williams <nico@cryptonector.com> Sat, 09 March 2019 20:15 UTC

From: Nico Williams <nico@cryptonector.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: uta@ietf.org, IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/JAlGqkO9Ek18jNuPbA1IZeeshB4>

On Sat, Mar 02, 2019 at 10:09:32AM -0500, Barry Leiba wrote:
> > > > My idea of an ideal end-state for hop-by-hop security for e-mail is
> > > > that:
> > >
> > > See, this is why we often say that IETF folks should not generally try
> > > to design UI things:
> >
> > What on Earth made you choose to be so condescending here?  Do I not get
> > to express my personal preferences?
> 
> I'm sorry.  I didn't mean to condescend, and please accept my apology
> for having worded it badly.

Thanks.

UI design isn't easy, but *we*, IETF participants, cannot say that we
know so little about it that we won't even begin to discuss UI design.

I think it would be irresponsible for us to not consider UI issues and
design at all.

It would also be irresponsible (this must have been your point) to not
recognize our limitations here and seek help from domain experts.

Our publication process involves reviews and iteration precisely so we
can fine-tune such things.

> > How about a response to the substantive parts of my post?
> 
> The only part I was addressing was the suggestion of prominent UI
> indications, which I do not think is a good thing for the reasons I've
> said: Almost all users will not understand at all what the indications
> mean, and many will understand incorrectly to the point of being
> misinformed by them.

So, the UI details can vary.  E.g.,

 - The default might be that inbound email delivered with unacceptable
   security options gets bounced.  This is for users like my mom.

 - A non-default option might be that inbound email delivered with
   unacceptable security options gets bounced and yet also delivered to
   an "insecure" or spam folder.  This is for users like me.

 - Yet another non-default option might be that inbound email delivered
   with unacceptable security options gets delivered anyways and some
   less-obvious-than-an-insecure-mailfolder UI indicator (the sort you
   were objecting to) gets set.  This is also for users like me.

Email is insecure today.  There's no path to a flag-day cutover to a
universe where email is secure.  Having no UI indicators of any kind is
not going to work for a migration to secure-by-default email.

Like it or not, we *do* have UI indicators of this sort for email today.
Things like spam folders.  Or Gmail's warnings about suspicious emails.

I don't think we're ready to not have any such indicators.  Not on the
web, and not for email.

Even on the web, we might be removing or de-emphasizing the lock icon,
but still you get the "something went wrong" page with a not-easy-to-
notice "i know what I'm doing, let me see it anyways" button a few
clicks away.

Nico
--