On 18/09/2013 15:11, keld(_at_)keldix(_dot_)com wrote:
The problems to solve are known for a long time, snooping on lines.
We can rebuild a part of the internet in a safer version. To have a
chance to make some impact, I believe it is necesary to build safer
defaults into major MTAs like postfix and sendmail.
My concern is that while something like TLS will have an effect on
criminals snooping on wireless networks etc, I can't see how it would
definitely help against governments.
The issue is - how do I know that the mail server I am sending the
message to is the one I should be sending the message to? If I don't
know that with a good degree of certainty, then using TLS won't achieve
security, because I could simply be dumping my messages on a compromised
server.
DNS, IP addresses and certificates could all be subverted by a
government at a 'choke point' such as an international link. Even if I
knew for certain that '123.123.123.123' was the IP address I should be
talking to (which is unlikely), it would be trivial for a router at a
choke point to redirect that IP address to another machine instead of
the one it was supposed to go to. If I am allowed to validate
certificates (which is currently doubtful), then I'd have a bit more
certainty, but, to be honest, can I trust that a CA won't issue fake
certificates to a government?
Yes, use TLS where you can - it won't do any harm, and is better than
not using TLS - but don't expect it to do anything significant to stop a
government from snooping if it wants to, except with pre-known
certificate fingerprints. I'd be reluctant to risk breaking
interoperability to force TLS usage, because of the dubious benefit.
-
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp