[Top] [All Lists]

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-14 20:38:21

--On Saturday, September 14, 2013 17:02 +0200 keld(_at_)keldix(_dot_)com

I am thinking of an advice to application developers to always
have TLS on by default, and til service providers to
always have TLS enabled by default. Still they should in my
mind communicate with non-TLS enabled MTAs - and then over
some tile everybody will have migrated to TLS, just like we
did with the SMTP -> ESMTP  migration.

Maybe.   How useful it is depends tremendously on the threat
model.  If the threat is, for example, a government body that
can compel email providers to hand over whatever is stored on
their servers (or even worse to capture and store things passing
through those servers so that it can be handed over) then TLS or
anything else that protects links on a hop by hop basis is
completely useless and will remain so.  If the concern is
protecting content that leaves end to end encryption methods and
we can amuse ourselves arguing and which of the PGP or S/MINE
models have more issues and if we can devise something better.
If the concern is protecting information about who is sending
messages to whom (i.e., hiding the forward and backward-pointing
addresses), I think we are in big trouble and that it is
unlikely that TLS is really the answer (although it can
certainly help in non-relay transmissions between mutually known
and trusted senders and receivers.


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>