[cryptography] new IETF WG on Using TLS in Applications (uta) (was: Re: [Cryptography] Email is unsecurable)

Stephen Farrell stephen.farrell at cs.tcd.ie
Wed Dec 11 13:49:44 EST 2013

FYI, I said I'd send a mail back here when that new
working group was formed. That's happened now. [1]

Probably be a few days at least while folks sign up
to the list before stuff starts happening. If you're
interested in helping, sign up, write drafts, do all
the usual stuff. (If you don't know what that is,
or how to get involved, feel free to mail me and I
can try help.)


[1] https://datatracker.ietf.org/wg/uta/charter/

On 11/25/2013 09:51 PM, Stephen Farrell wrote:
> On 11/25/2013 08:09 PM, Fabio Pietrosanti (naif) wrote:
>> Let's first cut-off the massive passive traffic analysis, then improve
>> current systems to provide some added protection against metadata,
>> focusing in a far future, when the new system got already wide adoption,
>> make it perfect.
> New work on improving hop-by-hop security for email and other
> things is getting underway in the IETF. [1] Basically the idea
> is to document stuff that can be turned on already in current
> deployments (to the extent possible) that gets you PFS and
> modern TLS ciphersuites. Pre-working-group charter discuss>

I haven't had a chance to review the current draft in detail, but I
think the
language in the draft about this is fine.
ion for
> this is being directed to the apps-discuss at ietf.org list for
> now, or if folks aren't keen to get on that list, feel free to
> send me comments and I'll make sure they get into the pot. I'll
> send a mail here when the WG is officially kicked off (in a few
> weeks hopefully) with a pointer to the eventual wg mailing list.
> That does address the short-term/quick-win stuff that we can
> get for foo-over-TLS protocols like SMTP, IMAP etc., but doesn't
> address end-to-end mail security, for lots of the reasons already
> stated in this thread. So if you think there's value in that
> short-term work too, then I'm sure more help and expertise will
> be welcomed.
> Personally, I'm not at all confident that we can do something
> that provides end-to-end security, can be deployed at full
> Internet scale and is compatible with today's email protocols.
> But if others are more optimistic then I'm all for 'em trying
> to figure it out and would be delighted to be proven wrong.
> Cheers,
> S.
> [1] http://www.ietf.org/mail-archive/web/ietf-announce/current/msg12140.html
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cryptography mailing list