ietf
[Top] [All Lists]

Re: IETF mail server and SSLv3

2016-02-04 16:31:40


--On Thursday, 04 February, 2016 02:40 +0000 Viktor Dukhovni
<ietf-dane(_at_)dukhovni(_dot_)org> wrote:

...
I am quite comfortable at this time with a requirement of
better than SSLv3 for SMTP on the public Internet.

Unless there is a fallback to clear text, I am not.  If we were
to succeed in creating a situation in which the only email that
could be sent or received on the public Internet was encrypted
in transit (and, by the way, encrypted or otherwise very well
protected and secured on relays and in mail stores), I think it
is only a matter of time before some government resorts to the
time-honored approach of making the use of crypto illegal and
specifying harsh punishments for its use.   

The effect of such a decision would be to cause whole countries
to vanish from the connected email network environment.    I
think that would be undesirable in general and inappropriate for
IETF materials and discussions.   For that and other reasons, I
think there is a balance to be struck between being open and
transparent and trying to insist on high levels of privacy for
things that are really need very little privacy protection (or
that are fully public in other ways, e.g., by appearing in
generally-accessible archives).  YMMD.

     john





<Prev in Thread] Current Thread [Next in Thread>