> On 8/27/2011 4:12 PM, t.petch wrote: > > Glen > > > > Me again. > > > > Just after I posted my last message, I received a post on the ietf-ssh list, > > hosted by netbsd.org, and looking through the 'Received: from' headers, as one > > does on a wet Saturday morning of a Bank Holiday weekend, there was TLS, used to > > submit the message to the server, so even spammers have caught on that TLS > > should be used everywhere. End to end? As a side note, the reason spammers use TLS to submit mail is obvious: It's required by many submission servers so they really don't have a choice. (The reason it's required is to protect the authentication exchange, not because there's any real expectation that it provides useful privacy protection for the submitted email itself.) > Apparently, from the POV of the spammer & his SMTP server. Email is a > store & forward system. In any case, my original question was not about > the definition of end-to-end, it was about Ned usage of the term "hop". I used the term "hop" in a very generic sense to refer to moving the data around. > Upon further analysis, however, it seems clear that he was referring to > the email archives as if they are something other than simple files (as > betrayed by his statement that "Don't pretend a transfer protection > mechanism covering exactly one hop provides real object security, > because it doesn't."); thus, the retrieval of the archived data would be > the last "hop" in the email system. And that's incorrect. For one thing, I often retrieve material from web sites and save it rather than looking at it right there on the screen. So the transfer of the material from the web server is in no way, shape, or form the final hop the information takes before it is consumed. As as Keith points out, I and many others am often forced to do such access through corporate-mandated proxies of various sorts - another hop. > There seem to be two problems with > this statement: one is taking the file transfer mechanism as if it was > part of the email system itself, Nobody is making any such claim. > which it obviously is not (downloading > an archived message is no different than downloading an RFC from a Web > site); the other being that someone, somewhere was pretending that TLS > does something that it was never designed to do (a straw man of, AFAICT, > Ned's invention -- I don't recall anybody making such a claim on this > thread, I was responding to the justification given for the use of https in this context. The exact words used were: > > The mail archives (and the minutes of the physical meetings) > > are the official record of the Working Groups, IETF, etc. > > Those archives should be available with a reasonably high > > level of integrity and authenticity. Nor was I the only, or even the first, to suggest that object security is needed for this sort of protection. > nor for that matter saying they _wanted_ "real object security" > applied to the archives, merely that it's not really a bad idea for a > person retrieving them to have some assurance that they came from the > IETF server and that they weren't modified in transit). And once again, nobody is saying that TLS doesn't give some very limited assurance along these lines - the notion that there are claims to the contrary is your own strawman. What we are saying is that there are also significant costs, those costs appear to be greater than the benefits in this case, and if there is real concern about archive integrity there are better ways to secure them. Anyway, this discussion is now well past it's sell-by date, so this will be my final response on the topic. Ned _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf