On 14.9.2013, at 4.56, keld(_at_)keldix(_dot_)com wrote:
Recently there has been reports in newspapers about powerful organisations
that
can sniff on wires and has paid for backdoors and compromising cryptographic
implementations.
Would it be a good idea to make a document describing best practices trying
to protect against such actions, to guide implemetors and service providers?
I've been considering an SMTP client extension (especially for submission
clients) where they can require that the mail be delivered via TLS, and have
the server reject/bounce it if that's not possible. The main problem I see is
relay servers that can accept the mail via TLS and then happily forward the
mail over plaintext connection to the other side of the world.. Then again,
there may be other ways to handle this, for example Germany has already started
something like this with their "Email made in Germany" project. Other countries
have expressed similar interests. Maybe something more standard could be
developed..
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp