Both. The issues we’ve run into with eFail are an issue because determining when all your recipients are protected is difficult. But really it’s more the fact that (for example) S/Mime has been in major clients for what, a decade? nearly seamlessly other than certificate management? And yet (virtually) no one uses it.
I’d love to see the large email providers adopt a letsencrypt-like platform for generating user certificates for S/Mime transparently but the issues of things like forwards, lists, transactional email from third parties etc. haven’t even begun to be considered because step 0 (getting everyone an identity) has no traction.
I think that qualifies as an “other than that, Mrs. Lincoln, how was the play?” issue for cryptographic purposes.
It’s not as though cryptography is easy; but there are the parts where you can get a relatively small number of suitably skilled people, often ones who do it for a living, together to solve the problem, then stamp out copies of their work at close to zero marginal cost; and there are the parts where you have to get people to use it. Certificate(and keying material generally) management is on the very wrong side of that particular distinction.
(edit: In keeping with my ongoing commitment to IT through fine 80s cinema and video games: Colonel Corazón Santiago:
“Against such abominations we organize our defenses on the principle that one strong and able mind can shield the many.”
Specifically, certificate management is the part where that stops being an option and everyone panics and gets ravenous mindworm larvae implanted in their brains.)
Some time ago AOL and Yahoo! had to deal with massive breakins that leaked loads of user account data, including user names and e-mail addresses. Their method to prevent sleazy phishers and spammers from making use of these e-mail addresses was to institute DMARC on “aol.com”and “yahoo.com”. This basically causes mail services that use DMARC (such as AOL or Yahoo!) to reject mail with, e.g., a “From:” address like “foo@aol.com” or “bar@yahoo.com” that does not carry a valid signature from an AOL or Yahoo! mail server, and breaks mailing lists in the process – subscribers on AOL or Yahoo! will not be able to see messages from other subscribers on AOL or Yahoo!. In fact the automated reporting of DMARC violations can cause the mailing list’s whole domain or server to be blocked for all AOL or Yahoo! users, which is obviously uncalled for.
But DMARC isn’t intended for use with general-purpose e-mail addresses like the ones people usually operate on domains like “aol.com”. Its point is to secure special domains institutions like banks use to send e-mail to their customers, in order to make phishing more difficult. The addresses in question don’t subscribe to mailing lists and therefore the issue doesn’t arise.
Then again, AOL and Yahoo! could hardly have cared less about mailing lists because everyone should be using Yahoo! Groups and similar services, anyway.
Does DMARC distinguish between “From:” and “Sender:” ? This is the intent of these two headers but I don’t know how modern MTAs and clients handle them?
Also unfortunately the days of email discussion lists may be largely over.
I strongly disagree with this framing, even though it’s not entirely false.
The economics of spam and malware, and the growth of the Internet, make it necessary to take actions against online criminals that invalidate certain business models, just as Henry Ford’s invention of cheap mass produced cars invalidated the business model of buggy whip makers.
Your framing can be read as support for people who want the existing system to remain unchanged, so that they can continue to rake in millions from email-propagated ransomware, which they might very well then use to influence elections in both our countries. Seriously, fuck those people, and their proxies. I rarely use such language, but I want to see those people harmed. They are poisoners at the well, I am not their ally, and I am sure you are not either.
I would quote from Heinlein, myself: “There has grown up in the minds of certain groups in this country the notion that because a man or corporation has made a profit out of the public for a number of years, the government and the courts are charged with the duty of guaranteeing such profit in the future, even in the face of changing circumstances and contrary public interest. This strange doctrine is not supported by statute nor common law. Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back, for their private benefit.”
People who stand in the way of email modernization using the existing standards and process are mostly saboteurs who want email to be broken and who want criminals to prosper on the Internet. But some of them are just lazy people who want everyone else to sponsor their lazyiness.
I think that’s a totally fair criticism! But standards-based email enhancements like SPF/DKIM/DEMARC are necessary, and 100% adoption is what the goal should be.
The mailing list software I maintain does exactly what the link suggests (with a few refinements).
That doesn’t detract from the fact that AOL and Yahoo! are using DMARC for something they shouldn’t be using it for, simply because (being 800-lb gorillas) they can get away with it and it papers over their problem, sort of, anyway – who cares if it makes unexpected problems for other people who are just minding their own business?
As much as I want everyone to adopt modern mail validation and transport technology, you again have a fair criticism; while the guys at Yahoo! who developed DomainKeys were clearly interested in the public good, I don’t think their boardroom class really cares about Internet health or public safety except as it affects their profits.
I can tell you, as a programmer, that what you describe is different enough from how email works now, that, were one to implement such a thing, one would want to start from scratch. In other words, it’s a complete redesign, not a fix to the existing system.
Another point is that, when even the solutions that involve only MTA operators and MUA developers have glaring security problems, adding a sender authentication system that every online service has to Incorporate into their systems… I don’t think it’s likely to go down well.
I’m going to agree with @john_c that your proposal doesn’t have a viable upgrade path from the existing infrastructure, it’s a complete redesign.
And although a lot of people would applaud a ground up replacement for electronic mail, pragmatically speaking we’re having trouble getting existing email service providers to make changes that return quantifiably high value from literally 15 minutes work (specifically referencing SPF here).
If you pursue this as a project, I recommend you rename it for purely PR reasons, call it something other than email and promote it as being better than email, so you don’t have to deal with kickback from people with high investment in the existing systems.
Heresy! Mindworms are a thing about which reasonable people can agree to disagree; but actually preferring one of the Alien Crossfire factions(except for being overpowered; and maybe the Nautilus Pirates)?