Hi Scott,

I think we can raise the bar here wrt spammers. I think it reasonable to publish policy if you require inbound inspection as a default. You can always set an exception for supersensitive content but you don't need to publish that. Plasma does allow the mail agent to establish the authenticity of the data without decryption because we will have a detached signature on the outside. If someone sends to a domain that publishes the policy for inbound inspection as a default and they don't permit access or the receiver doesn't like the domain where the email comes from, then the receiver can reject or drop the email. We will call that out in the security considerations.

Trevor

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Fitch, Scott C
Sent: Saturday, August 06, 2011 2:39 PM
To: '[email protected]'
Subject: Re: [plasma] Security Boundary Inspection - outgoing messages

I think it makes sense to include it in the same section as inbound inspection. Though plasma makes outbound inspection much easier over traditional S/MIME, it doesn't help inbound spam filtering. Yes, partner enterprises or large ISPs may (pre)authorize messages going to each other (which helps with malware proliferation). But I doubt that any spammer would be so kind. So we'll still have to rely heavily on other techniques for inbound messages.

------
Sent from my BlackBerry

----- Original Message -----
From: Jim Schaad [mailto:[email protected]]
Sent: Saturday, August 06, 2011 01:59 AM
To: Fitch, Scott C; [email protected] <[email protected]>
Subject: EXTERNAL: RE: [plasma] Security Boundary Inspection - outgoing messages

Do you feel this needs to be a separate scenario, or can we just include it as part of the current e-mail pipelining section and discuss transitions across boundaries in both directions?

Jim

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Fitch, Scott C
> Sent: Thursday, August 04, 2011 1:38 PM
> To: [email protected]
> Subject: [plasma] Security Boundary Inspection - outgoing messages
>
> A scenario that is missing from the v02 of the document is the ability to scan
> outgoing messages. Plasma offers a huge improvement over current S/MIME
> implementations. This capability is definitely of interest to organizations who
> want to know what information is leaving their security boundaries via email.
> I recommend adding it as an additional scenario to the document and
> would be willing to help write it up if needed.
>
>
> Scott Fitch
> Cyber Architect
> Lockheed Martin Enterprise Business Services
>
>
> _______________________________________________
> plasma mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/plasma
