Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-14 10:25:45
On 14 Sep 2013, at 15:45, Arnt Gulbrandsen <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:
> Name removed to make this a little less flamish:
>> But really, PGP is the answer you're looking for. :)
>
> I hate to say this, but this is the kind of thing NSA shills say: Point
> out some magnificent foobar that certainly will not be deployed, focus
> on it, and hope that nothing merely good will get traction.
>
> I have some ideas about why PGP fails so miserably, but that doesn't
> really matter. Whatever the reason is, PGP has a twenty-year history of
> disuse, so I'm fairly sure that in five years, only a very few people
> will use it and its users will not be able to hide in a crowd.

Yes.  Absolutely correct; PGP will remain the clique solution exclusive to 
fumbling Guardian journalists and tinfoil hat-wearing conspiracy nutters.

I don't know that I could confidently say that it is PGP's implicit trust model 
that's FUBAR for ordinary use.  I definitely think, though, that the "Defence 
in depth" strategy of eventual upgrade to TLS has a better chance of providing 
useful results (second place in my mind goes to S/MIME with web-based automatic 

But, and this is the reason I made the comment, PGP right now provides useful 
security.  It's not easy, but it does *EXACTLY* what it proposes to do.  That's 
a whole lot better than the uncertainty of anything dependent on hop-by-hop 
message transfers, at least at the moment.


