Re: [ietf-smtp] DKIM encryption, was Request for discussion

2013-10-22 12:42:42
So after my initial excitement about the idea of using something DKIM-like to ensure organisation-to-organisation encryption for SMTP, I've started to have some doubts.

I basically have two concerns.

Firstly, while I understand the important difference between guaranteeing encryption of the connection to the next hop (as STARTTLS does) and guaranteeing encryption of the full transit to the recipient's mail server (as this proposal aims to do), in practice how often do these two differ? The only widely used example I can think of is organisations using hosted email (for filtering spam etc.) - but not decrypting the emails at the cloud-based host would defeat the whole point of using hosted email.

Secondly, I don't think the proposal includes a way to authenticate the receiving server. I think this is important to defend against active man-in-the-middle attacks by attackers who are able to modify DNS responses (as happened in the case of some prominent security firms recently - though web rather than email was the attackers' main target). In this proposal as I understand it, as in DKIM itself, DNS is a single point of failure. I know authentication requires the use of certificates, which adds complications and introduces a likely cost and that something DKIM-like is therefore a lot easier to implement. But is this compromise worth it?

ietf-smtp mailing list
