2013-10-16 16:32:32
On Wed, Oct 16, 2013 at 12:38 PM, John C Klensin <john+smtp(_at_)jck(_dot_)com> 

> --On Wednesday, October 16, 2013 11:17 -0700 Wei Chuang
> <weihaw(_at_)google(_dot_)com> wrote:
>
>>> That is certainly not an argument against doing TLS or
>>> otherwise protecting the links because there is clearly a
>>> there.  Whether it is worth going to extra trouble (and
>>> not having messages delivered that are otherwise ok) to
>>> promise that such methods will be used is a more complex
>>> question that is, indeed, closely related to what the users
>>> will perceive is being promised.
>>
>> I would differ here.  As pointed out in the proposal's
>> motivation, leaving mail delivery as clear text mail makes
>> mail delivery the weakest link for many mail providers.  It
>> invites adversaries with lots of resources to attack this
>> point as other interfaces become much more hardened.
>
> With no disrespect, a matter of opinion.  Or perhaps it is a
> matter of how one thinks about the threat model.  Hardening a
> server technically is of little use if someone from the
> government, police, etc., can show up with legal papers and/or
> threats and obtain content that way.

For the TLA's in the current news, it seems obvious that there's a
difference in capability between "able to snoop on email across any given
two endpoints regardless of ability to serve a subpoena/warrant or get a
warrant for XXX million different accounts" and the published numbers of
actual NSL's issued.

There are obviously countries which are more "open" about their
surveillance state, but large mail providers are less likely to be located
there or at least less likely to be used by non-citizens of those states.

This of course leads back to the most challenging part of this that's
already been brought up, which is that this is "more" secure, but still has
a gaping hole to what a consumer would consider secure, which makes it
problematic to expose this to the consumer at all.

