--On Sunday, 30 July, 2023 23:29 -0400 Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote: > On 7/30/23 17:27, John C Klensin wrote: > >> * As John Levine more or less pointed out below, getting >> encryption right means finding mutual understandings and >> understanding what will inevitably be a somewhat delicate >> balance. > > Emphatically disagree with both of you. Keith, Not quite certain what you are disagreeing with. Should I have been more explicit that, when I said "getting encryption right", I was not just referring to the underlying science and/or engineering but to understanding and working with the tradeoffs in the real world, including the observations that protection of children and deterring or catching various criminal types are real issues, independent of how they are weaponized to promote other agendas. Even closer to the engineering side, I think there are tradeoffs to which more attention should be paid. For an example that is close to home for both of us, the IETF has spent a lot of energy in recent years on hop-by-hop encryption for email (such a running SMTP over TLS), even trying to insist on its use in configurations where content may be better protected than anywhere else in the system (see RFC 8314). At the same time, we know that some attacks, especially ones utilizing the likes of social engineering rather than technical means, can be mounted against servers rather than packets in transit, and that, depending on the goals of the attacker(s), compromising messages stores (even stores associated with retry queues) might be far more productive and cost-effective for the attacker than intercepting messages on the wire. For example, from a technology standpoint, we know how to do end-to-end (given some other discussions, perhaps I should say "desktop to desktop" or even "between devices with the users' fingers on them") encryption, at least of message content. There are some barriers to its active use that include lousy clients, questions as to how to manage and secure user-level keys when much of the world accesses email through web interfaces, and just convincing end users that the added protection is worth the trouble. Should the IETF (and ISOC and others who are pushing encryption as an absolute) be putting more energy into explaining why (at least for some threats) that would be a better solution or at least part of a comprehensive solution? Should we be thinking more about dividing message headers into "inner" and "outer" parts so as to make some of the information that appears in them more easily encrypted and/or signed? I don't know the answer to any of those questions but they are among the tradeoffs I want talking about and it is fairly clear to me that the IETF is not asking them in a serious way, much less trying to engage with those tradeoffs. Now, if you still disagree, would you explain further? thanks, john