[Top] [All Lists]

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-18 19:43:17
On Wed, Sep 18, 2013 at 12:39:31PM -0700, Carl S. Gutekunst wrote:
The issue is - how do I know that the mail server I am sending the 
message to is the one I should be sending the message to? If I don't 
know that with a good degree of certainty, then using TLS won't 
achieve security, because I could simply be dumping my messages on a 
compromised server.

DNS, IP addresses and certificates could all be subverted by a 
government at a 'choke point' such as an international link. 

Which is exactly what's already happening in many countries, e.g., 
Syria. Go ahead and use TLS all you want -- it won't help, because all 
the servers to which you can get IP-level connectivity are government run.

But surely this is not the case all over the world.
At least the EU is working for net neutrality.
We could also just refine the problem to making a secure email service
for the EU, if that seems more realistic (tounge in cheek:-).

best regards
ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>