On Wed, Sep 18, 2013 at 12:39:31PM -0700, Carl S. Gutekunst wrote:
The issue is - how do I know that the mail server I am sending the
message to is the one I should be sending the message to? If I don't
know that with a good degree of certainty, then using TLS won't
achieve security, because I could simply be dumping my messages on a
DNS, IP addresses and certificates could all be subverted by a
government at a 'choke point' such as an international link.
Which is exactly what's already happening in many countries, e.g.,
Syria. Go ahead and use TLS all you want -- it won't help, because all
the servers to which you can get IP-level connectivity are government run.
But surely this is not the case all over the world.
At least the EU is working for net neutrality.
We could also just refine the problem to making a secure email service
for the EU, if that seems more realistic (tounge in cheek:-).
ietf-smtp mailing list