On Thu, Feb 9, 2012 at 7:16 AM, Phillip Hallam-Baker <[email protected]> wrote:
> Agreed, but!

No but, we agree on the rest regarding e-mail as well, and some of what you say is a restatement of what I said. You go further and note that the very fact that PGP and such public keys and capabilities are divorced from the MUAs is the problem -- something I hadn't noticed last night, but I agree.

> Let us drop the end to end ideology in the dustbin and accept that
> email is an MTA to MTA protocol, or to be more precise it is three
> protocols:

I'm happy to drop the end-to-end principle where it can't be applied. E-mail is mostly such a case (I say mostly because for a very, very small group of people PGP has worked well enough).

> So now we see why security policy driven by MUA published security
> policy is going to fail: there is no consistency in the MUA loop. I

Indeed. There's no way to ensure that all your MUAs have the same capabilities. I regularly use four different MUAs myself.

> read mail on four separate devices. They have no way to communicate
> between themselves to negotiate a common security policy and I
> certainly would not want them to.
>
> Conclusion:
>
> 1) Security policy is a property of MTAs and not MUAs and hence of
> domains and not accounts.
>
> 2) We need a security policy layer for the internet as a whole and not
> just for what people imagine to be the 'Web' or 'email' portions
> thereof. This is a problem caused by stovepipe thinking and
> non-my-problemism.

Perhaps you're not communicating your vision of (2) very well. I'm not entirely sure what you mean, and I'm dubious of any one-size-fits-the-Internet scheme (if that's what you have in mind).

> [...]
> Add the capability for MTAs to publish policy and we can establish a
> hop-by hop security mechanism that covers each of the three mail
> interactions in three separate end-to-end sessions.

Right. This is a case where hop-by-hop security is the best we can do.

> Getting back to the bigger problem, no this is not solving all the
> problems we are seeing in the Web space. But it is solving a pretty
> big one there. Web security is harder to improve than email security
> because we already have quite a bit of Web security and very little
> email security.

I agree with this as well. The web also has lots of end-to-end-ness, though HTTP doesn't require it, and, indeed, encourages middle boxes. And we also use the web for different purposes than e-mail. I don't think the hop-by-hop security argument applies quite as well to the web... For the web we really want end-to-end security (with the server's concentrator being thought of as part of the server). I'm open to arguments to the contrary. Perhaps you'd suggest hop-by-hop security where the hops are client<->ISP<->server?

Nico
--
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
