Some comments, only.

On 30/08/13 11:11 AM, Ray Dillinger wrote:


Okay...

User-side spec:

1.  An email address is a short string freely chosen by the email user.
     It is subject to the constraint that it must not match anyone else's
     email address, but may (and should) be pronounceable in ordinary
language
     and writable with the same character set that the user uses for
writing.
     They require extension with a "domain" as current email addresses do,
     but not a "domain name" in the IETF sense; just a chosen disambiguator
     (from a finite set of a million or so) to make name collisions less of
     a problem.

2.  An email user may have more than one email address.  In fact s/he can
     make up more email addresses at any time.  He or she may choose to
associate
     a "tagline" -- name, handle, slogan or whatever -- with the address.


An email user may have one or more identities... (confusion between email addresses, keys, chat handles, etc).


3.  When an email user gets an email, s/he is absolutely sure that it comes
     from the person who holds the email address listed in its "from" line.
     S/he may or may not have any clue who that person is.  S/he is also
     sure that no one else has seen the contents of the email.  The
"tagline"
     and email address are listed in the "from:" line.


This requirement is troubling, and it has bedevilled many systems because it has artificially locked them into perfect traffic analysis, low key agility, poor economics, and messy identity semantics.

It typically is an assumption of the email providers that an email address must have a certificate, and this allows the certificate to be 'checked' against the email address. But it is not necessary nor particularly effective.

A better requirement might be worded:

When a user receives an email, she is sure that it comes from the stated identity as found in the address book. The stated identity may not be related to the "from" line.

4.  A user has an address book. The address book can be viewed as a
whole or
     as seen by just one of the user's email addresses.  IOW, if you
have an
     email address that you use for your secret society and a different
email
     address that you use for your job, you can choose to "be" one or
the other
     and your address book will reflect only the contacts that you have
seen
     from that address or have been visible to under that address.

5.  A mail client observes all email addresses that go through it.


all identities (email addresses and/or keys)...


When a
     user receives mail from someone who has not directly sent them mail
before,
     the client opens a visible entry in the address book and makes
available
     a record of previous less-direct contacts with that address, for
example
     from posts to mailing lists, from CC: lists on emails, etc.  The
client
     also makes visible a list of possible contact sources; places where
the
     correspondent may have seen the address s/he's writing to.
However, often
     enough, especially with cases where it's a "scribbled on a napkin"
address,
     the client just won't know.

6.  When a user sends mail, s/he knows that no one other than the holder of
     the address/es s/he's sending it to will see the body of the mail,
and also
     that the recipient will be able to verify absolutely that the mail
did in
     fact come from the holder of the user's address.


This needs to nailed down, otherwise the system falls into the abyss of digital signatures. What this means (at a lower level) is that every mail is digitally signed by the sender. It needs to be stated that the signature of the sender's key means that the message came from the sender's key, and not anything else. Especially, it is not a signed contract, not a non-repudiable bla bla, and is not even a proof that the person sent the message (without significant other support).

That is, the digsig is a low-level protocol tool, not a legal digital signature.

Also, to bed in a complete understanding, a separate requirement 6.b should be added for a second signing process using separate "signing keys" following the notions expressed in (eg) EU digital signature directive (eg) OpenPGP cleartext signing. However, this should be clearly stated as optional, as such digital signatures are fraught, and if not optional, the system will fail to be implemented and be accepted.





iang

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to