On Sat, Oct 31, 2015 at 07:15:51AM -0400, Watson Ladd wrote:
> > STARTTLS is designed to thwart exactly one attack: *passive* wiretap.
> > It works as designed for just that attack. It is not surprising
> > that active attacks can and do defeat STARTTLS,
>
> Before STARTTLS adoption the Tunisian secret police read all your
> emails. Afterwards they still do. What was gained? Let's try solving
> that problem.

Funny you should say that, that's a good part of what I've been
doing for the past 2.5 years. However, simply having more SMTP
servers feeling good about useless WebPKI certs is not the answer.
Additional, downgrade-resistant out-of-band signalling is required
as explained in RFC7435 and RFC7672. I've been working on one such
signalling model that is gaining some initial traction.
--
Viktor.