[Top] [All Lists]

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-14 02:19:44
On 14 Sep 2013, at 03:37, Timo Sirainen <tss(_at_)iki(_dot_)fi> wrote:
I've been considering an SMTP client extension (especially for submission 
clients) where they can require that the mail be delivered via TLS, and have 
the server reject/bounce it if that's not possible. The main problem I see is 
relay servers that can accept the mail via TLS and then happily forward the 
mail over plaintext connection to the other side of the world.. Then again, 
there may be other ways to handle this, for example Germany has already 
started something like this with their "Email made in Germany" project. Other 
countries have expressed similar interests. Maybe something more standard 
could be developed..

We can already do that, by just configuring SMTP servers properly to do the 
required levels of TLS verification and choosing submission servers that are 
known to trust a set of verified recipient domains.  We just need a way to 
extend that to the whole Internet, using DNSSEC (which does introduce a 
vulnerability in the form of the registries, it's true).  Sadly, in either 
case, the user does not know which domains are truly end-to-end secure, though 
tools could be invented to look it up in DNS and ISPs could publish lists of 
the known domains, so the user knows before sending email which would otherwise 
be compromised if the next hop was not using TLS.  That is, if the user 
realistically cares, or is willing to check for every email, or is willing to 
send a message twice to find out …

But really, PGP is the answer you're looking for. :)


ietf-smtp mailing list