From nobody Wed Oct 1 02:52:28 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A6EB1ACD3B for ; Wed, 1 Oct 2014 02:52:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1aY1HqCLSDGa for ; Wed, 1 Oct 2014 02:52:21 -0700 (PDT) Received: from strange.aox.org (strange.aox.org [80.244.248.170]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D79AB1ACD39 for ; Wed, 1 Oct 2014 02:52:20 -0700 (PDT) Received: from fri.gulbrandsen.priv.no (localhost [127.0.0.1]) by strange.aox.org (Postfix) with ESMTP id 5FF5CFA00CD; Wed, 1 Oct 2014 09:52:17 +0000 (UTC) Received: from arnt@gulbrandsen.priv.no by fri.gulbrandsen.priv.no (Archiveopteryx 3.2.0) with esmtpsa id 1412157136-20915-20914/12/307; Wed, 1 Oct 2014 09:52:16 +0000 From: Arnt Gulbrandsen To: endymail@ietf.org Date: Wed, 1 Oct 2014 11:52:16 +0200 User-Agent: Trojita/v0.4.1-243-g4a74770; Qt/4.8.6; X11; Linux; Ubuntu 14.04.1 LTS Mime-Version: 1.0 Message-Id: <5d07bca4-fe72-4a80-bc32-5ad95e6805bc@gulbrandsen.priv.no> In-Reply-To: References: <20140928145904.GB3548@vegoda.org> Content-Type: text/plain; charset=utf-8; format=flowed Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/fX5pdQVn7ESEnU5UbwhtFSAt1CU Subject: Re: [Endymail] How an endymail eco-system might incorporate web of trust features X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Oct 2014 09:52:23 -0000 On Monday, September 29, 2014 3:09:01 PM CEST, Phillip Hallam-Baker wrote: > If you want regular people to use end to end encrypted email, the risk > that they lose access to their data and their pics is vastly more > serious than the risk of government intercept. Perhaps, but as usual perception may differ, and perception governs use. If the government's attitude is "collect it all" and there have been scandals about the misuse of similar data, then one can quite reasonably say: "I may lose data. But I know the government will misuse data. Will beats may." Arnt From nobody Wed Oct 1 05:56:14 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D31AC1A037D for ; Wed, 1 Oct 2014 05:56:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.278 X-Spam-Level: X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 95lLXCjonKDM for ; Wed, 1 Oct 2014 05:56:12 -0700 (PDT) Received: from mail-la0-x22c.google.com (mail-la0-x22c.google.com [IPv6:2a00:1450:4010:c03::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC221A036C for ; Wed, 1 Oct 2014 05:56:11 -0700 (PDT) Received: by mail-la0-f44.google.com with SMTP id gb8so261101lab.31 for ; Wed, 01 Oct 2014 05:56:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=tFCWHWAXKkaSLkrMSlWpYlgRAaNBHOhEhYl28+Di2ow=; b=Q8zFiKIOjpJyXubemj7Uf/016e/YZT8z1kV35zhL1/mJuB9orwZWy7c/5iIBSPplz1 xFRm8v9Oi3lh8cGX3LDixJEXnMXnTL187otZ09ZsZqi/ITogsnAgZOxuSEdDfe98iSBx Z85L2sj3qWBhuBMOV/3dTrONp6+9FKv7l7QmOaZpzKdeXgeyTgXpI9rOvXO+iIS1X+Kc Zum62I1Y8Y14GoQcDxXsDCOETbJtY7Nd11jecub1NQJvEzGl/QLKWcEOEuUhziZ2kWRX 3Z9OcKqvKtRoqfOCGCbO6M/6791jw9D1503LQB7pI0W0INjJXNzA/A2RULxPjIWbdvvm vb3w== MIME-Version: 1.0 X-Received: by 10.152.26.133 with SMTP id l5mr56109799lag.4.1412168169124; Wed, 01 Oct 2014 05:56:09 -0700 (PDT) Sender: hallam@gmail.com Received: by 10.112.122.14 with HTTP; Wed, 1 Oct 2014 05:56:09 -0700 (PDT) In-Reply-To: <5d07bca4-fe72-4a80-bc32-5ad95e6805bc@gulbrandsen.priv.no> References: <20140928145904.GB3548@vegoda.org> <5d07bca4-fe72-4a80-bc32-5ad95e6805bc@gulbrandsen.priv.no> Date: Wed, 1 Oct 2014 08:56:09 -0400 X-Google-Sender-Auth: o3wj-m1f5srQdVcrMm2iEYlgORQ Message-ID: From: Phillip Hallam-Baker To: Arnt Gulbrandsen Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/D-LqNctvaUJX6quKm2OmmqvNoPA Cc: endymail Subject: Re: [Endymail] How an endymail eco-system might incorporate web of trust features X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Oct 2014 12:56:14 -0000 On Wed, Oct 1, 2014 at 5:52 AM, Arnt Gulbrandsen wrote: > On Monday, September 29, 2014 3:09:01 PM CEST, Phillip Hallam-Baker wrote: >> >> If you want regular people to use end to end encrypted email, the risk >> that they lose access to their data and their pics is vastly more >> serious than the risk of government intercept. > > > Perhaps, but as usual perception may differ, and perception governs use. > > If the government's attitude is "collect it all" and there have been > scandals about the misuse of similar data, then one can quite reasonably > say: "I may lose data. But I know the government will misuse data. Will > beats may." > > Arnt That is why it is a choice. But remember that the brief here is to prevent the illegal use of government wiretapping capabilities and in particular end military intercept capabilities. The number of generals who have staged coups against democracies in the name of protecting democracy is very long. Preventing covert intercept and bulk intercept are the common concern. Preventing a lawful disclosure of stored data under court order is another issue entirely. From nobody Thu Oct 2 08:03:19 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A7BA1A1B75 for ; Thu, 2 Oct 2014 08:03:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.988 X-Spam-Level: X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_50=0.8, GB_I_INVITATION=-2, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9HUp5cS8qab for ; Thu, 2 Oct 2014 08:03:13 -0700 (PDT) Received: from sheliak-1.upu.int (sheliak-1.upu.int [193.247.49.11]) by ietfa.amsl.com (Postfix) with ESMTP id 6E71A1A19FE for ; Thu, 2 Oct 2014 08:03:12 -0700 (PDT) Received: from TEX01.upu.ch (unknown [193.247.49.156]) by sheliak-1.upu.int (Extensible Content Security) with ESMTP id 80DA262FF3F24CF5 for ; Thu, 2 Oct 2014 17:03:11 +0200 (CEST) Received: from TEX02.upu.ch ([169.254.2.201]) by TEX01.upu.ch ([169.254.1.143]) with mapi id 14.03.0195.001; Thu, 2 Oct 2014 17:03:11 +0200 From: DAMY gustavo To: "endymail@ietf.org" Thread-Topic: RFI for secure e-mail Thread-Index: Ac/eUccQLKcNxkeHRWGWlBGy/Q9t0Q== Date: Thu, 2 Oct 2014 15:03:10 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [193.247.55.154] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Received-SPF: none Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/uM-YXM0icbXass3ijSEM8wjAc6k Subject: [Endymail] RFI for secure e-mail X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Oct 2014 15:03:18 -0000 Dear all, The UPU (Universal Postal Union) has launched a public Request for Informat= ion (RFI) to gather information from the market on .post secure e-mail solu= tions.=20 =20 This RFI is an open invitation for any organization to share knowledge that= will help the UPU and its members develop the concept for an industry-wide= secure email service in line with the capabilities of the market and the p= rinciples decided by the DPG. For further information, please refer to the= link http://www.upu.int/uploads/tx_sbdownloader/nonBindingCallForTendersEn= .pdf=20 Gustavo Damy From nobody Sun Oct 5 08:57:52 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8488D1A0033 for ; Sun, 5 Oct 2014 08:57:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.787 X-Spam-Level: X-Spam-Status: No, score=-0.787 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RP_MATCHES_RCVD=-0.786] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XTc64vA-uw9Y for ; Sun, 5 Oct 2014 08:57:48 -0700 (PDT) Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D58E1A002D for ; Sun, 5 Oct 2014 08:57:48 -0700 (PDT) Received: from lo.psyced.org (localhost [127.0.0.1]) by lo.psyced.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id s95FvtUb027974 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 5 Oct 2014 17:57:55 +0200 Received: (from lynx@localhost) by lo.psyced.org (8.14.3/8.14.3/Submit) id s95FvsUE027973 for endymail@ietf.org; Sun, 5 Oct 2014 17:57:54 +0200 Date: Sun, 5 Oct 2014 17:57:54 +0200 From: carlo von lynX To: endymail@ietf.org Message-ID: <20141005155754.GA27470@lo.psyced.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/YbEP-16ZSWaki4ieVAwk2_1IiFs Subject: [Endymail] Onion Routing over SMTP.. impossible by design? X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Oct 2014 15:57:50 -0000 Hello everyone, I was pointed here by Hannes and Stephen - some may remember me from IMPP, STRINT or recently IPEN. As a side note please acknowledge the updated version of http://youbroketheinternet.org/secure-email with more reasonable information concerning Key Management and a more accurate list of post-SMTP mailing systems, in particular the ones using the Public-Key Routing paradigm (Re: What are the problems?). What I specifically want to talk about in this thread is the "Onion Packaging?" in Dave's slides (number 9): http://www.ietf.org/proceedings/90/slides/slides-90-saag-2.pdf Onion routing works by letting the sender pack up the crypto layers for each inbetween node up to the final recipient. If SMTP were to allow that, it would re-introduce relaying which used to be its favorite backdoor for SPAM. The only way for an MDA to receive a message from somewhere, decrypt it, then find out it needs to forward it to another MDA, would be to have a large view of the social graph of users and .. erm.. servers.. in order to know that if the message came from eris it is probably safe to forward on to tolsun. To me this sounds like a catastrophe waiting to happen since SMTP by default has no trust architecture, thus any onion routing would open up large windows of opportunity for spammers since once the SPAM has arrived at destination, the recipient can no longer figure out where it originated from - thus there is no way of protecting yourself. All Tor-and PK-routing based systems have solved this by requiring pubsub relationships, thus making SPAM at worst annoying, but ineffective at its primary intent. If I'm not mistaken, it is impossible to implement metadata protection on top of SMTP while also maintaining compatibility to its subscription-free transmission model. Any mistakes in my reasoning? Best from Berlin, CvL -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet From nobody Sun Oct 5 10:51:04 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E7D41A0406 for ; Sun, 5 Oct 2014 10:51:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.379 X-Spam-Level: X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qcgz0kzCsT-u for ; Sun, 5 Oct 2014 10:51:01 -0700 (PDT) Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCB911A03D0 for ; Sun, 5 Oct 2014 10:51:01 -0700 (PDT) Received: by mail-ie0-f175.google.com with SMTP id x19so2138873ier.6 for ; Sun, 05 Oct 2014 10:51:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=aJQld9uBHGo4u6TwlmGz/tTgfmOGiTFqptNlENJ+S0w=; b=VnOOOaPdINPYWfza5r+6e4eZQa0u8jdjTCCvH3BtOJ/olbg/NhNJAGKVm3WTUhwGc/ 1MsRtcRd700bxOTbAeunOEdT3v8p4xWIzCie85Fr9HENVH3uI/m27VL59aWiK1jWHjns 64mDKUexGIA/BGPUAJq0Y+GfcaO42c1WvJeow= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=aJQld9uBHGo4u6TwlmGz/tTgfmOGiTFqptNlENJ+S0w=; b=dpi2RP+stXTxnB0HaRuByJbqYwcRV2DaNZNWkMAH2Y70UH8efyvVLOQHoWAnj6infL u/zcf79MNKGmPXDRWvbhu5BYqeDXsZyZeoNj0YEbgZe5i4lNivSSZDPPj5o0uucXeh/k ppfM5raZPBT6fDzcqyCQpUNIJMEf6Wb31uAc4hKA5y34ELBtIlAjm2A6vOuix7lL0x5W c1qs8uTVAmuJQPWj5/BUnmgm20dmRbVcN2NITpmof+sVawm/ncXTk4JRgPL6505dQSix BIec2aUX4w2KB+JJj2iputd23kVCn+bYaFyMhZ++1iBpRjoUiXg5qOW51nJZIy6paSRz 4fGw== X-Gm-Message-State: ALoCoQndv2FVaZplqJzpHJbP2cmHK8E8e6Pqnw81zHUFwZoccpxWP8pZXgryGPEQHENbD8uvJ/RK X-Received: by 10.50.73.163 with SMTP id m3mr14921471igv.28.1412531461046; Sun, 05 Oct 2014 10:51:01 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.17.15 with HTTP; Sun, 5 Oct 2014 10:50:40 -0700 (PDT) In-Reply-To: <20141005155754.GA27470@lo.psyced.org> References: <20141005155754.GA27470@lo.psyced.org> From: Tom Ritter Date: Sun, 5 Oct 2014 12:50:40 -0500 Message-ID: To: carlo von lynX Content-Type: text/plain; charset=ISO-8859-1 Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/fynAuf_dNo8zkTvoog8DRgSAlfo Cc: endymail@ietf.org Subject: Re: [Endymail] Onion Routing over SMTP.. impossible by design? X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Oct 2014 17:51:03 -0000 On 5 October 2014 10:57, carlo von lynX wrote: > Onion routing works by letting the sender pack up the crypto > layers for each inbetween node up to the final recipient. If > SMTP were to allow that, it would re-introduce relaying which > used to be its favorite backdoor for SPAM. Indeed, when Onion Routing (well, Mix Networks, similar but different) were built for SMTP, they were used for spam and abuse. As well as legitimate traffic of course. > The only way for an MDA to receive a message from somewhere, > decrypt it, then find out it needs to forward it to another MDA, > would be to have a large view of the social graph of users and > .. erm.. servers.. in order to know that if the message came > from eris it is probably safe to forward on to tolsun. You need a directory of servers, yes. Users, no. > To me this sounds like a catastrophe waiting to happen since > SMTP by default has no trust architecture, thus any onion > routing would open up large windows of opportunity for spammers > since once the SPAM has arrived at destination, the recipient > can no longer figure out where it originated from - thus there > is no way of protecting yourself. Spam detection does not _have_ to rely on originating source, although obviously that's a large input to a spam detection system. The popularity of the system also affects it's spam rate. In the existing, small, unpopular SMTP-onion-routing systems deployed today (again, technically mix networks), I receive a very high degree of signal-to-noise-ratio of messages, because they are not in popular use. > All Tor-and PK-routing based systems have solved this by requiring > pubsub relationships, thus making SPAM at worst annoying, but > ineffective at its primary intent. I'm not clear what you mean here. In my mind, Tor is not set up as a publisher-subscriber relationship at all, but perhaps you mean something different. > If I'm not mistaken, it is impossible to implement metadata > protection on top of SMTP while also maintaining compatibility > to its subscription-free transmission model. > > Any mistakes in my reasoning? I feel like you've made an assertion: "it is impossible to implement metadata protection on top of SMTP..." but not supported it very strongly. One, you talk only of Onion Routing - but that is merely one mechanism of metadata protection. There is also Broadcast Transmission, Mix Networks, and other more complicated systems like PIR. Two: It is impossible to prove a negative, that something must not exist or not be possible. I think there are a multitude of systems that have been designed or could be designed that would feed into this debate. If you want to make an assertion that something is impossible, I would expect a more descriptive exploration of the problem space, and attempting to address several potential ideas and why they do not work. For example: Mix Networks for SMTP (remailers) have existed since the late 90s, with one network still deployed and being developed (slowly) - Mixmaster. A second more sophisticated one was also built and deployed (Mixminion). nymservs, allowing anonymous email recipient (instead of delivery) have also evolved over the years, with several deployments, versions, and academic papers written about them (like Pynchon Gate). And shared mailboxes (alt.anonymous.messages) is a reasonably well workable system for certain types of communication, absent easy-to-use tooling for it that leads to various security failures. Finally, systems like Persona and Pond provide metadata protection in related situations that may inform a new evolution of email, existing side-by-side traditional SMTP. I think it's entirely reasonable to say "I don't see a way this would work" - indeed there are some hard problems in the space, followed by the additional problems of developing robust codebases and large-scale deployment. But there are multitude of architectures out there and I'm hopeful that by learning and borrowing from each, we can find a system that provides the protections people want to achieve, indistinguishable as possible, allocating the burden appropriately. -tom From nobody Sun Oct 5 13:01:07 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D334F1A1B00 for ; Sun, 5 Oct 2014 13:01:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.686 X-Spam-Level: X-Spam-Status: No, score=-0.686 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, J_CHICKENPOX_14=0.6, RP_MATCHES_RCVD=-0.786] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4Cy5V_3ZGBN for ; Sun, 5 Oct 2014 13:01:04 -0700 (PDT) Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4019B1A1AFD for ; Sun, 5 Oct 2014 13:01:02 -0700 (PDT) Received: from lo.psyced.org (localhost [127.0.0.1]) by lo.psyced.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id s95K1DjB031424 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 5 Oct 2014 22:01:14 +0200 Received: (from lynx@localhost) by lo.psyced.org (8.14.3/8.14.3/Submit) id s95K1D8o031423 for endymail@ietf.org; Sun, 5 Oct 2014 22:01:13 +0200 Date: Sun, 5 Oct 2014 22:01:13 +0200 From: carlo von lynX To: endymail@ietf.org Message-ID: <20141005200113.GA29776@lo.psyced.org> References: <20141005155754.GA27470@lo.psyced.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/UgTnfLg2AQWbJ6LeFkZzv9izZU8 Subject: Re: [Endymail] Onion Routing over SMTP.. impossible by design? X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Oct 2014 20:01:06 -0000 On Sun, Oct 05, 2014 at 12:50:40PM -0500, Tom Ritter wrote: > Spam detection does not _have_ to rely on originating source, although > obviously that's a large input to a spam detection system. The Indeed, considering that future SPAM would be encrypted to the end recipient, so spam assassination has to happen on the end system. Defeats models that detect SPAM by the way it looks similar while being delivered to a multitude of recipients. > > All Tor-and PK-routing based systems have solved this by requiring > > pubsub relationships, thus making SPAM at worst annoying, but > > ineffective at its primary intent. > > I'm not clear what you mean here. In my mind, Tor is not set up as a > publisher-subscriber relationship at all, but perhaps you mean > something different. Pond, the mail system you mentioned, uses Tor hidden services and requires a subscription/authentication exchange before being able to mail. > I feel like you've made an assertion: "it is impossible to implement > metadata protection on top of SMTP..." but not supported it very I started a discussion posing that question.. could it be it isn't actually feasible..? Indeed from a scientific point of view quite unlikely to be a provable statement. > strongly. One, you talk only of Onion Routing - but that is merely > one mechanism of metadata protection. There is also Broadcast > Transmission, Mix Networks, and other more complicated systems like I specifically asked about onion routing since I wish Bitmessage good luck in finding a way to segment the broadcast space but I doubt that approach to be viable over the existing SMTP system. Mix networks have the disadvantage of requiring trust from their users, correct? In a world where computing centers can receive a knock on the door and servers be systematically, especially virtual ones, tapped with memory scanning for private keys... I did not intend to speak about that model. I am thinking of an SMTP-based onion routing system where the SMTP hosts act like relay nodes and the MUA creates the message encrypted to all in-between relay hops. The optimization suggested by the authors of PIR-Tor is applicable, but doesn't affect the challenge of getting it to work with the existing SMTP federation. I'm not saying that mixing and broadcast is scientifically absurd, but sufficiently uninteresting within my personal judgement, so I am asking specifically what I find interesting. > PIR. Two: It is impossible to prove a negative, that something must > not exist or not be possible. I think there are a multitude of Luckily I'm not trying to prove it, just gathering some good thinking on the topic. > systems that have been designed or could be designed that would feed > into this debate. If you want to make an assertion that something is > impossible, I would expect a more descriptive exploration of the > problem space, and attempting to address several potential ideas and > why they do not work. That's why I am glad you gave such an exhaustive reply. Let's dig deeper into the problem space. > I think it's entirely reasonable to say "I don't see a way this would > work" - indeed there are some hard problems in the space, followed by Sure, if we include post-SMTP systems I know that solutions are feasible but I was very specifically wondering if the backwards compatibility with SMTP's presumption that you can mail anyone anytime breaks the scheme of onion routing approaches. Thinking it through it seems to me a bit like a time bomb. You can start using a new mailbox with a new public key and share these with your contacts - but the moment any of your contacts gets her device p0wned by a secret service or other malware deployer, your mailbox can be DoSsed with epic amounts of SPAM and only the end node would have a vague chance of distinguishing signal from noise. Sure, this isn't a very scientific assertion, but to me it sounds like doing Onion Routing on top of a network of SMTP servers is a very bad idea. -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet From nobody Sat Oct 11 08:02:21 2014 Return-Path: X-Original-To: endymail@ietfa.amsl.com Delivered-To: endymail@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 262241A911F for ; Fri, 10 Oct 2014 11:20:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.626 X-Spam-Level: ** X-Spam-Status: No, score=2.626 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DATE_IN_PAST_12_24=1.049, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, FSL_HELO_BARE_IP_2=1, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_NUMERIC_HELO=1.164, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQ77rYF4dhkD for ; Fri, 10 Oct 2014 11:20:08 -0700 (PDT) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B889E1A8910 for ; Fri, 10 Oct 2014 11:20:06 -0700 (PDT) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1XcenL-0004gI-ES for endymail@ietf.org; Fri, 10 Oct 2014 20:20:03 +0200 Received: from 50.245.141.77 ([50.245.141.77]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 10 Oct 2014 20:20:03 +0200 Received: from eternaleye by 50.245.141.77 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 10 Oct 2014 20:20:03 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: endymail@ietf.org From: Alex Elsayed Date: Thu, 09 Oct 2014 14:54:23 -0700 Lines: 6 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 50.245.141.77 User-Agent: KNode/4.13.1 Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/6Ea6FcBxSqjld2CoFpXFwewsULQ X-Mailman-Approved-At: Sat, 11 Oct 2014 08:02:16 -0700 Subject: Re: [Endymail] How an endymail eco-system might incorporate web of trust features X-BeenThere: endymail@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Oct 2014 18:20:09 -0000 Phillip Hallam-Baker wrote: > [We don't have a name for the person sending Alice spam, I suggest > [Spaulding] Or perhaps [Sanford]