ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

it's not end-to-end *versus* hop-by-hop for email (was: Re: E-Mail Protocol Security Measurements)

2015-08-02 13:49:05
from [Stephen Farrell] [Permanent Link] 

I just want to disagree with what I think is a false dichotomy
that you presented.

On 02/08/15 17:07, John C Klensin wrote:

 However,
we shouldn't make arguments for good-quality link encryption
that have the effect of convincing people (even the fairly
naive) that it makes either end-to-end content encryption or
relay server hardening unnecessary or undesirable. 


We should make arguments for use of TLS in mail. Deploying
that provides real security and privacy benefits. And there
are real improvements happening today in terms of deploying
TLS in mail. I say encourage that as much as possible.

For the niches where PGP or SMIME is usable, we should of
course also promote use of those technologies *in addition
to* TLS for securing mail transport. That is very much "in
addition to" and not "versus."

IOW, we should promote use of mail transport security
everywhere and of PGP and SMIME anywhere those can be used.

We separately need to work on providing much more widely
usable end-to-end security for email. Neither PGP nor SMIME
have worked well enough to get widely deployed and we
should recognise that fact. And one of today's most common
kinds of MUA (web mail) was never considered in the design
of PGP or SMIME, and the need to support such MUAs breaks
or almost breaks any e2e security one gets with our current
standard e2e email security protocols.

We cannot therefore credibly argue for widespread deployment
of end-to-end security for email today. I wish that were not
the case, but it is the case.

So "don't promote TLS in case that slows deployment of PGP or
SMIME" is not a good argument - the dichotomy is false as the
wide deployment of PGP or SMIME providing e2e security is not
possible.

We have a (sadly quiescent) mailing list [1] for discussion
of new end-to-end email security. I'd love to see discussions
there as to how to improve the e2e situation.

But I would if "fix e2e email security" was ever seen as a
precursor to better deployment of mail transport security. That'd
be entirely counter-productive.

While it is sometimes understandable that folks make the error
of arguing for the perfect and that being the enemy of the good,
I really don't want to see us argue for the unusable as the
enemy of the good.

Cheers,
S.

[1] https://www.ietf.org/mailman/listinfo/endymail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: E-Mail Protocol Security Measurements, John C Klensin
Next by Date:  Re: it's not end-to-end *versus* hop-by-hop for email (was: Re: E-Mail Protocol Security Measurements), Viktor Dukhovni
Previous by Thread:  Re: E-Mail Protocol Security Measurements, John C Klensin
Next by Thread:  Re: it's not end-to-end *versus* hop-by-hop for email (was: Re: E-Mail Protocol Security Measurements), Viktor Dukhovni
Indexes:  [Date] [Thread] [Top] [All Lists]