Re: [ietf-smtp] guidance on how to secure against sniffing and paid back

ietf-smtp

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-19 16:40:09

On 19.9.2013, at 21.42, Martijn Grooten 
<ietf-smtp(_at_)lapsedordinary(_dot_)net> wrote:

What Rolf was saying is that in this thread we were trying to come up with a 
solution, without first having defined the problem we were trying to solve. 
That is, without having defined a threat model we wanted to defend against.


Threat: Defending against casual (non-targeted) network snooping by 
governments, which is what NSA (and probably others) are doing to everyone.

Solution: TLS, even when it doesn't verify the remote certificate in any way.

Threat 2: Defending against attempted MITM attacks by not-that-powerful 
governments.

Solution: TLS with DANE, assuming the destination server's trust anchor doesn't 
belong to that government.

Threat 3: Defending against targeted email nooping by a powerful government.

Solution: Don't use email.

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, (continued) Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Rolf E. Sonneveld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld Re: [ietf-smtp] threat models, guidance on how to secure against sniffing and paid backdoors, John Levine Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Sabahattin Gucukoglu Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Sabahattin Gucukoglu Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Russ Allbery Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Rolf E. Sonneveld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Martijn Grooten Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Timo Sirainen <= Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Paul Smith Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, John Levine Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Sabahattin Gucukoglu Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Sabahattin Gucukoglu Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Mark Andrews Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, James Cloos Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Arnt Gulbrandsen

Previous by Date:	Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld
Next by Date:	Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Sabahattin Gucukoglu
Previous by Thread:	Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Martijn Grooten
Next by Thread:	Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Paul Smith
Indexes:	[Date] [Thread] [Top] [All Lists]