On 19.9.2013, at 21.42, Martijn Grooten
What Rolf was saying is that in this thread we were trying to come up with a
solution, without first having defined the problem we were trying to solve.
That is, without having defined a threat model we wanted to defend against.
Threat: Defending against casual (non-targeted) network snooping by
governments, which is what NSA (and probably others) are doing to everyone.
Solution: TLS, even when it doesn't verify the remote certificate in any way.
Threat 2: Defending against attempted MITM attacks by not-that-powerful
Solution: TLS with DANE, assuming the destination server's trust anchor doesn't
belong to that government.
Threat 3: Defending against targeted email snooping by a powerful government.
Solution: Don't use email.
ietf-smtp mailing list
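The two TLS modes contrasted in the message above, as an added example that is not part of the thread or of any project's code: a Python `ssl` context for opportunistic (unverified) TLS, and the DANE-EE TLSA matching check that "TLS with DANE" rests on. The certificate is a constructed, certificate-shaped DER blob rather than a real one, the TLSA records are constructed to match or not match it, and the DNSSEC-validated TLSA lookup that DANE requires is assumed to have happened elsewhere.

```python
"""Added example: opportunistic TLS vs. DANE-EE pinning, offline.
The DER certificate below is constructed for the example, not real."""
import hashlib
import ssl
import struct


# Threat 1: opportunistic TLS. Stops passive collection on the wire but
# accepts any certificate, so an active MITM goes unnoticed.
def opportunistic_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


# Minimal DER walking, enough to pull SubjectPublicKeyInfo out of an
# X.509 certificate without a third-party ASN.1 library.
def _tlv(buf: bytes, pos: int):
    """Read one TLV at buf[pos]; return (tag, value, raw_tlv, next_pos)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                   # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    start, end = pos + hdr, pos + hdr + length
    return tag, buf[start:end], buf[pos:end], end


def _children(value: bytes):
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = _tlv(value, pos)
        out.append((tag, val, raw))
    return out


def spki_from_cert(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate."""
    _, cert_val, _, _ = _tlv(cert_der, 0)           # Certificate ::= SEQUENCE
    tbs_val = _children(cert_val)[0][1]              # tbsCertificate
    fields = _children(tbs_val)
    if fields[0][0] == 0xA0:                         # explicit [0] version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][2]


# Threat 2: DANE-EE(3) matching (RFC 6698, RFC 7672). Usage 3 pins the leaf
# key itself, so CA and PKIX checks do not apply; the only trust anchor that
# matters is the one that signed the TLSA record's DNS zone.
def tlsa_rdata(usage: int, selector: int, mtype: int, assoc: bytes) -> bytes:
    return struct.pack("!BBB", usage, selector, mtype) + assoc


def tlsa_matches(rdata: bytes, cert_der: bytes) -> bool:
    usage, selector, mtype = struct.unpack("!BBB", rdata[:3])
    assoc = rdata[3:]
    if usage != 3:
        return False    # PKIX-*/DANE-TA usages need chain handling, omitted here
    if selector == 0:
        data = cert_der
    elif selector == 1:
        data = spki_from_cert(cert_der)
    else:
        return False
    if mtype == 0:
        return assoc == data
    if mtype == 1:
        return assoc == hashlib.sha256(data).digest()
    if mtype == 2:
        return assoc == hashlib.sha512(data).digest()
    return False


def dane_verify(cert_der: bytes, tlsa_records) -> bool:
    """True if any TLSA record (assumed DNSSEC-validated) matches the cert."""
    return any(tlsa_matches(r, cert_der) for r in tlsa_records)


# Constructed fixture: certificate-shaped DER with empty issuer/subject and
# a dummy EC key. Only the structure is realistic; the bytes are made up.
def der(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


SPKI = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a8648ce3d0201")))
                 + der(0x03, b"\x00\x04" + b"\x11" * 64))
TBS = der(0x30, der(0xA0, der(0x02, b"\x02"))                        # v3
                + der(0x02, b"\x01")                                  # serial
                + der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))
                + der(0x30, b"")                                      # issuer
                + der(0x30, der(0x17, b"130919214200Z") + der(0x17, b"140919214200Z"))
                + der(0x30, b"")                                      # subject
                + SPKI)
CERT_DER = der(0x30, TBS + der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))
                     + der(0x03, b"\x00" + b"\x22" * 70))

GOOD_TLSA = tlsa_rdata(3, 1, 1, hashlib.sha256(SPKI).digest())
WRONG_KEY_TLSA = tlsa_rdata(3, 1, 1, hashlib.sha256(b"some other key").digest())

if __name__ == "__main__":
    print("DANE-EE match:", dane_verify(CERT_DER, [GOOD_TLSA]))       # True
    print("wrong pin:", dane_verify(CERT_DER, [WRONG_KEY_TLSA]))      # False
```

With a live connection, `CERT_DER` would come from `sock.getpeercert(binary_form=True)` after the handshake on an `opportunistic_context()` socket, and the TLSA records from a DNSSEC-validating resolver for `_25._tcp.<mx-host>`; if the resolver does not validate, the pin is only as trustworthy as whoever can spoof the DNS reply.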