Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-19 12:42:21
On 19 Sep 2013, at 17:33, keld(_at_)keldix(_dot_)com wrote:
> On Thu, Sep 19, 2013 at 09:37:18AM +0200, Rolf E. Sonneveld wrote:
>> So first things first, let's start with a proper threat analysis.
>
> I don't know how to write such an analysis, and it seems like red tape to me.
> I am just advocating that we migrate SMTP to TLS, and then I want a plan
> that could evolve into a successful migration, without hurting

I've already explained in one way how interoperability is guaranteed to be 
hurt, even if your threat model only includes passive attackers. And I'm really 
not sure I'm happy about weakening TLS by making verification optional without 
making it very clear to implementers that their choice to use a CA-signed 
certificate is completely undermined for the sake of those who don't, 
regardless of how pointless verification may be.

But look, what *is* your threat model? Who are you up against? What 
capabilities do they have? Is this about Prism, or something much worse 
involving active network attackers or server takeover? Without this we really 
don't know how we can best solve the problem, and even if we did, we'd probably 
disagree on the means, or the utility, or the interoperability problems.


ietf-smtp mailing list
