ietf-smime

RE: Anti-spam news article / S/MIME Gateways

2004-06-25 07:45:17

Hi Phil,
I agree that the end-to-end model is part of the problem. There is
obviously some ground to cover, but I am much more comfortable just fixing
what is broken and reusing what is not. There is no value in reinventing
another wheel - life is too short.
Trevor

* -----Original Message-----
* From: Hallam-Baker, Phillip [mailto:pbaker(_at_)verisign(_dot_)com]
* Sent: Thursday, June 24, 2004 9:44 PM
* To: Trevor Freeman; Ben Littauer; ietf-smime(_at_)imc(_dot_)org
* Subject: RE: Anti-spam news article / S/MIME Gateways
* 
* Trevor,
* 
*       The CMS format is fine, 95% of the spec is fine.
* 
*       The problem is that there is a 5% gap between what S/MIME delivers
* and what is needed.
* 
*       I think we can close the gap; the key is to throw away the
* bone-headed insistence that some people had concerning the end-to-end
* model or nothing. We tried that for ten years, we ended up with nothing.
* IPSEC makes a lousy VPN protocol for the exact same reason; give me
* something that really works through a NAT box without complaint any day.
* 
*       What is needed is more than just better discovery protocols, or
* logos in the certs. We need better client interfaces, and we also need an
* in-band signalling mechanism so you know, when S/MIME enhancements are
* being added, that the channel can support them, including stripping them
* out if some appliance or client turns out not to support them.
* 
*       [Draft to follow]
* 
*               Phill
* 
* > -----Original Message-----
* > From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
* > [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Trevor Freeman
* > Sent: Thursday, June 24, 2004 1:42 PM
* > To: Ben Littauer; ietf-smime(_at_)imc(_dot_)org
* > Subject: RE: Anti-spam news article / S/MIME Gateways
* >
* > Hi Ben,
* > I agree there are issues with the trust mechanisms etc. Domain signing
* > is a good idea. What has that to do with the format and encoding of how
* > you sign a message? What part of CMS is so horribly broken that we need
* > another signature format?
* > Trevor
* >
* > * -----Original Message-----
* > * From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
* > * [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]
* > * On Behalf Of Ben Littauer
* > * Sent: Wednesday, June 23, 2004 6:34 AM
* > * To: ietf-smime(_at_)imc(_dot_)org
* > * Subject: Re: Anti-spam news article / S/MIME Gateways
* > *
* > * There's scalability and there's scalability.
* > *
* > * The problem with desktop-to-desktop PKI is both the directory problem
* > * (i.e. key discovery and distribution) and the administration problem
* > * (issuance, renewal, and revocation of certificates). Domain-level PKI
* > * reduces the scale of both problems by several orders of magnitude.
* > * Solving the domain-level problems first will perhaps give some clue
* > * to the mechanisms required for the desktop implementation, should it
* > * ever become required.
* > *
* > * -ben-
* > *
* > * > From: "Trevor Freeman" <trevorf(_at_)exchange(_dot_)microsoft(_dot_)com>
* > * > Date: Tue, 22 Jun 2004 11:15:39 -0700
* > * > To: "Craig McGregor" <Craig(_dot_)McGregor(_at_)treasury(_dot_)govt(_dot_)nz>,
* > * > "Russ Housley" <housley(_at_)vigilsec(_dot_)com>, <ietf-smime(_at_)imc(_dot_)org>
* > * > Subject: RE: Anti-spam news article / S/MIME Gateways
* > * >
* > * > Hi Craig,
* > * > While I understand your comments about closed groups, the real
* > * > problem with scaling beyond closed groups is, as you point out, trust
* > * > mechanisms. What I fail to see is why we need a different signature
* > * > format to deploy a more scalable trust mechanism.
* > * > Trevor
* > * >
* > * > * -----Original Message-----
* > * > * From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
* > * > * [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]
* > * > * On Behalf Of Craig McGregor
* > * > * Sent: Monday, June 21, 2004 8:12 PM
* > * > * To: Russ Housley; ietf-smime(_at_)imc(_dot_)org
* > * > * Subject: RE: Anti-spam news article / S/MIME Gateways
* > * > *
* > * > * > Tumbleweed Chief Executive Jeff Smith says there's a lot of
* > * > * > misunderstanding about S/MIME, because it was created as a desktop
* > * > * > encryption technology. He argues it's also simple and cost-effective
* > * > * > to use as a gateway authentication technology, and that its quality
* > * > * > advantages make it the best choice. Tumbleweed would like to work
* > * > * > with Yahoo to merge their technologies.
* > * > *
* > * > * S/MIME gateway software in the context of a 'closed-community' is a
* > * > * proven method of authenticating the sending domains of e-mail
* > * > * messages and has been effective at blocking increased volumes of
* > * > * spoofed e-mail messages (providing they were sent from a participating
* > * > * domain). And of course using S/MIME encryption protects one from
* > * > * in-transit eavesdropping too!
* > * > *
* > * > * Applying what is quite manageable in a 'closed-community' for an
* > * > * Internet-wide deployment would be somewhat more challenging though.
* > * > * Particularly around certificate deployment, trust-chains and
* > * > * auto-discovery (assume DNS for internet-wide; a 'closed-community'
* > * > * could use LDAP). I think that is why domain keys proposes to trust
* > * > * DNS data as being authoritative without any further validation.
* > * > *
* > * > * Craig.