Re: the curse of the S(imple) protocols, was: Re: e2e

[SM <sm at resistor.net>]

At 06:50 17-08-2007, Iljitsch van Beijnum wrote:
> Then again, misspelled fishing would be an order of magnitude harder
> if banks and retailers started using S/MIME, which is widely
> implemented today, but they can't be bothered, so it looks like
> protocol design isn't going to save the world any time soon.

Right.

You picked a very apt subject line.  It's a simple protocol, it's 
easy to use and above all, it's cheap.  But when you are dealing with 
financial transactions, you're putting your customers at risk then as 
there is no way for them to determine the authenticity of the message.

At 07:09 17-08-2007, John C Klensin wrote:
> Individuals with small mail domains struggle along, resisting
> being forced to either give up and join up with those large
> providers and ideas that would inevitably make email costly to
> them on a per-message basis.   But the key institutions that get

Some people see using a large provider as better than running a mail 
server for a small domain.  After all, it's free.  But it may not be 
free tomoFrom ietf-bounces at ietf.org Fri Aug 17 19:23:07 2007
Return-path: <ietf-bounces at ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1IMB86-0003Ot-F0; Fri, 17 Aug 2007 19:21:22 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1IMB84-0003Oj-BL
	for ietf at ietf.org; Fri, 17 Aug 2007 19:21:20 -0400
Received: from ns1.qubic.net ([208.185.248.67])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IMB83-0002nH-S3
	for ietf at ietf.org; Fri, 17 Aug 2007 19:21:20 -0400
Received: from subman.resistor.net ([10.0.0.1]) (authenticated bits=0)
	by ns1.qubic.net (8.14.2.Alpha0/8.14.2.Alpha0) with ESMTP id
	l7HNKxP0004441
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <ietf at ietf.org>; Fri, 17 Aug 2007 16:21:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail;
	t=1187392878; x=1187479278; bh=CJyGhMShOiQr1u4OEjBdhQlO6YpIoJxfF7PS
	Kdy/GTw=; h=DomainKey-Signature:Message-Id:X-Mailer:Date:To:From:
	Subject:In-Reply-To:References:Mime-Version:Content-Type:Cc; b=yNZ
	RxKBqpFvrcd3WdIketdc3+FbT72MgmdEra0wbZBLkPUuyacLqnjQ42HT/BsZzj692dB
	NJ3CD0CV6d+u5s6FaZENuLuWntSDQgm+JOMVXR+P/WXFKmijdH1ST4zmAiKvryD5ESl
	Y1S7YmlTyhgUeZ2TcEH/5xbwbPTS07IJrw=
DomainKey-Signature: a=rsa-sha1; s=mail; d=resistor.net; c=simple; q=dns;
	b=0RRWjLVmSUNnV6ZtulO8b9UT8JjVyLD74E+GMrjrutpIwts0UKGkbAOaVS5J57VYE
	l1vQ0M/v+1C5qRuwget68ghpInW6NYfzcAeTPuMf0mkZtKMoPJL1s1H6nUYxI/hIq0R
	XhPU6dkWJCA5hgMDqRnuPrdDHl63coq4rmybU+A=
Message-Id: <6.2.5.6.2.20070817151725.02e7d138 at resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Fri, 17 Aug 2007 16:18:34 -0700
To: ietf at ietf.org
From: SM <sm at resistor.net>
In-Reply-To: <BDB4FDEA-273D-4D91-9CD3-089865284891 at muada.com>
References: <198A730C2044DE4A96749D13E167AD3701341995 at MOU1WNEXMB04.vcorp.ad.vrsn.com>
	<8244E3BE-1A26-4B0A-99DC-0DF7AF7F8810 at cisco.com>
	<46C29647.5070202 at qualcomm.com>
	<FABD8E3A-D5CF-4EED-927B-A039BCAEE90C at cisco.com>
	<46C36461.2060907 at cs.utk.edu> <46C36599.9040907 at cisco.com>
	<D03E4899F2FB3D4C8464E8C76B3B68B0DBB6F4 at E03MVC4-UKBR.domain1.systemhost.net>
	<6.2.5.6.2.20070816104133.02bbb2f0 at resistor.net>
	<F8AE6F9E-4CE0-43B2-B209-28707DE0C0AE at muada.com>
	<46C59B00.8040601 at cs.utk.edu>
	<BDB4FDEA-273D-4D91-9CD3-089865284891 at muada.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Subject: Re: the curse of the S(imple) protocols, was: Re: e2e
X-BeenThere: ietf at ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>,
	<mailto:ietf-request at ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf at ietf.org>
List-Help: <mailto:ietf-request at ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>,
	<mailto:ietf-request at ietf.org?subject=subscribe>
Errors-To: ietf-bounces at ietf.org

At 06:50 17-08-2007, Iljitsch van Beijnum wrote:
> Then again, misspelled fishing would be an order of magnitude harder
> if banks and retailers started using S/MIME, which is widely
> implemented today, but they can't be bothered, so it looks like
> protocol design isn't going to save the world any time soon.

Right.

You picked a very apt subject line.  It's a simple protocol, it's 
easy to use and above all, it's cheap.  But when you are dealing with 
financial transactions, you're putting your customers at risk then as 
there is no way for them to determine the authenticity of the message.

At 07:09 17-08-2007, John C Klensin wrote:
> Individuals with small mail domains struggle along, resisting
> being forced to either give up and join up with those large
> providers and ideas that would inevitably make email costly to
> them on a per-message basis.   But the key institutions that get

Some people see using a large provider as better than running a mail 
server for a small domain.  After all, it's free.  But it may not be 
free tomorrow and it may turn into an expensive communication medium for them.

> message and not the transport.  If the primary concern is
> communications between a financial institution with which the
> user already has an account (or equivalent relationship) and
> that user, we don't even have the usual PKI problems: one can
> deliver a sender key or cert out of band, validate it, and be
> finished.

There are ways to validate the sender the first time you establish a 
contact.  Once that is done, you can use it to validate future 
communication you receive from that correspondent.

Regards,
-sm 


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf