[Top] [All Lists]

Re: [ietf-smtp] Request for discussion of Mandatory Secure Mail Delivery proposal (draft-wchuang-msmd)

2013-10-17 12:03:21
On Wed, Oct 16, 2013 at 7:45 AM, SM <sm(_at_)resistor(_dot_)net> wrote:

Hi Wei,

At 12:31 15-10-2013, Wei Chuang wrote:

Request for discussion (draft-wchuang-msmd) of a proposal to secure mail
from eavesdropping and MitM attacks.  All comments welcome on this thread.
 I'm mentioning the proposal also to apps-discuss@ and saag@ lists as
this may be of interest to them too, but redirecting discussion to this
list so its all happening in one place.

There has been some discussion about opportunistic on the (IETF) perpass
mailing list.  The problem, if I can call it that, is the assumption that
"the destination will honor maintaining the MSMD protocol".  There have
been several proposals previously which have tried to maintain that in
various ways.

I suggest taking a look at RFC 6710.  If I recall correctly there was some
discussion about why the assumptions being made might not work out well in
general.  It may be possible to find out whether the "might not work out
well" is incorrect as there are implementations of the specification.

Agreed this was useful to look at.  Was the I-D for RFC 6710 discussed on
this mailing list? or if you happen to know the I-D name, I can try to
search for it. The discussions would be interesting.

If this is a pattern, I wonder if a common platform could be built to
support specifying behavior at mail delivery and having the propagate along
with the message and derivatives?  This is what this proposal is trying to
do for the more specific mail delivery security context.

I hope that my comments are not discouraging.  It is good to have a
proposal such as draft-wchuang-msmd-00 as it provides a starting point to
identify what could be done to get secure mail delivery.

I'll ask an unfair question.  Would you provide me with the assurance that
I will be safe if I use a mail provider which supported the proposal?

I would answer with something wishy washy like "more safe".

 I am aware that it is a high bar.  That's one of the drawbacks of using
the word "secure".

Its conditioned by "mail delivery".


thanks for the pointers,
ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>