ietf

Re: email standards

2014-09-30 10:54:17
On Wed, Sep 24, 2014 at 8:11 AM, Jari Arkko 
<jari(_dot_)arkko(_at_)piuha(_dot_)net> wrote:
>> Apple's Mail.app on desktops allows an S/MIME key to be bound via
>> Keychain to a particular correspondent, without placing any trust
>> in whatever CA may have issued the certificate.  This makes S/MIME
>> usable with a TOFU trust-model.
>>
>> So for me the sweet-spot has been S/MIME with direct (leap of faith)
>> trust.  I am disappointed when I can't use TOFU with S/MIME in some
>> other MUAs.

> Yes - I have a lot of sympathy for this point of view. Taking this slightly
> more towards the end-user view, not sure I care about what bits are
> underneath, as long as I can achieve what I need to achieve. For a lot of
> users that appears to be hierarchical/unconditional trust for their
> employer’s organisation _and_ the ability to TOFU for the authentication with
> their friends, family, and external entities. Perhaps TOFU not just with
> individuals, but also with organisations.

Right.  S/MIME can be used non-hierarchically, and PGP could be used
hierarchically.  There are very few PK protocols I can think of where
trust mesh or trust hierarchy are so deeply embedded that you cannot
co-opt the protocol to work the other way.

(The one example that comes to mind is DNSSEC, and even there
TOFU/mesh is not unthinkable, just ETOOHARD to manage because of how
removed from the user DNS is.)

This leads me to believe that letting TOFU vs. trust mesh vs. trust
hierarchy lead us to having two end-to-end e-mail security standards
was a mistake, and the trust model discussion is mostly a red herring.

> The question is, how much of this is protocol machinery and how much UI
> design? Maybe we need to put the main e-mail app developers into a room and
> not let them out until they have prototypes of usable TOFU *and* hierarchical
> security in their apps :-) I’m joking of course, but it is also true that if
> the industry needs to do something, they have in many cases come together
> even as competing entities, and taken on the challenge. Interops, world v6
> launch, etc. But I’m not the expert. You guys are - what would help?

For e-mail the protocol is completely separable from the trust model.
Trust hierarchy does not let the UI off the hook, so we might as well
design UIs supporting all PK trust models, not just one.  After all,
an MUA that implements S/MIME and PGP will have to anyways...

Nico
--
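The separability argued above (signature verification is one step, the trust decision about the signer's certificate is a second, pluggable step) as an added example; this is not code from the thread, from Mail.app or from any MUA. It assumes the CMS signature has already been checked against the signer's certificate, and it stands in for the certificate with a small record (subject address, public key bytes, issuer) rather than parsing real X.509. The two policies consume the same verified input: the hierarchical one accepts only certificates from a fixed set of issuers, the TOFU one ignores the issuer, pins the sender's public key on first use and refuses a later message signed with a different key. The pin store is an in-memory dict here (Mail.app keeps its binding in Keychain), and the sample traffic is constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    """Stand-in for the signer's S/MIME certificate. Assumption: a real MUA
    would take these three fields from the parsed X.509 certificate."""
    subject_email: str
    spki: bytes   # SubjectPublicKeyInfo (the public key); what a TOFU pin binds
    issuer: str   # issuer DN; what a hierarchical policy looks at


@dataclass(frozen=True)
class SignedMessage:
    """State after the CMS signature has been verified against the signer's
    certificate. Only the trust decision about that certificate remains."""
    from_addr: str
    signer: Cert
    signature_valid: bool


def spki_fingerprint(cert: Cert) -> str:
    """SHA-256 over the public key, so a pin survives a certificate renewal
    that keeps the same key and trips on an actual key change."""
    return hashlib.sha256(cert.spki).hexdigest()


def _common_checks(msg: SignedMessage) -> Optional[str]:
    """Checks every policy shares: the signature must verify, and the
    certificate must claim the address the message comes from."""
    if not msg.signature_valid:
        return "reject: signature did not verify"
    if msg.signer.subject_email.lower() != msg.from_addr.lower():
        return "reject: certificate subject does not match From"
    return None


class HierarchicalPolicy:
    """Unconditional trust in a fixed set of issuers (e.g. the employer's CA)."""

    def __init__(self, trusted_issuers: Iterable[str]):
        self.trusted_issuers = set(trusted_issuers)

    def decide(self, msg: SignedMessage) -> str:
        err = _common_checks(msg)
        if err:
            return err
        if msg.signer.issuer in self.trusted_issuers:
            return "accept: issuer trusted"
        return "reject: issuer not trusted"


class TofuPolicy:
    """Trust on first use: pin the sender's public key the first time a validly
    signed message arrives, ignore who issued the certificate, and refuse a
    later message whose key differs from the pin."""

    def __init__(self, pins: Optional[Dict[str, str]] = None):
        # from_addr -> SPKI fingerprint (in-memory here; a real client persists it)
        self.pins: Dict[str, str] = {} if pins is None else pins

    def decide(self, msg: SignedMessage) -> str:
        err = _common_checks(msg)
        if err:
            return err
        addr = msg.from_addr.lower()
        fp = spki_fingerprint(msg.signer)
        pinned = self.pins.get(addr)
        if pinned is None:
            self.pins[addr] = fp
            return "accept: first use, key pinned"
        if pinned == fp:
            return "accept: key matches pin"
        # A changed key is the event TOFU exists to surface: never overwrite
        # the pin silently; the user has to confirm the new key out of band.
        return "reject: key differs from pinned key"


def run_demo() -> Tuple[List[str], List[str]]:
    """Constructed traffic (not real mail): the same five messages judged by
    both policies, returned as (hierarchical decisions, TOFU decisions)."""
    alice_v1 = Cert("alice@example.org", b"alice-pubkey-1", "CN=Example Corp CA")
    alice_v2 = Cert("alice@example.org", b"alice-pubkey-2", "CN=Some Free CA")
    bob_self = Cert("bob@example.net", b"bob-pubkey", "CN=bob@example.net")
    traffic = [
        SignedMessage("alice@example.org", alice_v1, True),
        SignedMessage("alice@example.org", alice_v1, True),
        SignedMessage("alice@example.org", alice_v2, True),   # rekeyed under another CA
        SignedMessage("bob@example.net", bob_self, True),     # self-signed, no CA at all
        SignedMessage("bob@example.net", bob_self, False),    # body altered in transit
    ]
    hierarchical = HierarchicalPolicy(["CN=Example Corp CA"])
    tofu = TofuPolicy()
    return ([hierarchical.decide(m) for m in traffic],
            [tofu.decide(m) for m in traffic])


if __name__ == "__main__":
    for name, decisions in zip(("hierarchical", "tofu"), run_demo()):
        print(name)
        for d in decisions:
            print("   ", d)
```

The two policies disagree exactly where the thread says they should: the hierarchical one rejects Bob's self-signed certificate and Alice's certificate from an unknown CA regardless of history, while TOFU accepts Bob on first sight and rejects Alice's second key because it no longer matches the pin. Neither policy needs anything from the message format beyond the verified signature and the signer's certificate, which is the sense in which the protocol is separable from the trust model.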