
Re: https

2011-08-28 11:49:19
On 8/27/2011 4:12 PM, t.petch wrote:

Glen

Me again.

Just after I posted my last message, I received a post on the ietf-ssh list,
hosted by netbsd.org, and looking through the 'Received: from' headers, as one
does on a wet Saturday morning of a Bank Holiday weekend, there was TLS, used to
submit the message to the server, so even spammers have caught on that TLS
should be used everywhere.  End to end?

As a side note, the reason spammers use TLS to submit mail is obvious: It's
required by many submission servers so they really don't have a choice. (The
reason it's required is to protect the authentication exchange, not because
there's any real expectation that it provides useful privacy protection for the
submitted email itself.)

Apparently, from the POV of the spammer & his SMTP server.  Email is a
store & forward system.  In any case, my original question was not about
the definition of end-to-end, it was about Ned's usage of the term "hop".

I used the term "hop" in a very generic sense to refer to moving the
data around.

Upon further analysis, however, it seems clear that he was referring to
the email archives as if they are something other than simple files (as
betrayed by his statement that "Don't pretend a transfer protection
mechanism covering exactly one hop provides real object security,
because it doesn't."); thus, the retrieval of the archived data would be
the last "hop" in the email system.

And that's incorrect. For one thing, I often retrieve material from web sites
and save it rather than looking at it right there on the screen. So the
transfer of the material from the web server is in no way, shape, or form the
final hop the information takes before it is consumed. As Keith points out,
I and many others are often forced to do such access through corporate-mandated
proxies of various sorts - another hop.

There seem to be two problems with
this statement: one is taking the file transfer mechanism as if it was
part of the email system itself,

Nobody is making any such claim.

which it obviously is not (downloading
an archived message is no different than downloading an RFC from a Web
site); the other being that someone, somewhere was pretending that TLS
does something that it was never designed to do (a straw man of, AFAICT,
Ned's invention -- I don't recall anybody making such a claim on this
thread,

I was responding to the justification given for the use of https in this
context. The exact words used were:

The mail archives (and the minutes of the physical meetings)
are the official record of the Working Groups, IETF, etc.
Those archives should be available with a reasonably high
level of integrity and authenticity.

Nor was I the only, or even the first, to suggest that object security
is needed for this sort of protection.

nor for that matter saying they _wanted_ "real object security"
applied to the archives, merely that it's not really a bad idea for a
person retrieving them to have some assurance that they came from the
IETF server and that they weren't modified in transit).

And once again, nobody is saying that TLS doesn't give some very limited
assurance along these lines - the notion that there are claims to the contrary 
is your own strawman. What we are saying is that there are also significant
costs, those costs appear to be greater than the benefits in this case, and if
there is real concern about archive integrity there are better ways to secure
them.

Anyway, this discussion is now well past its sell-by date, so this will be my
final response on the topic.

                                Ned