[cryptography] [Cryptography] Email is unsecurable

Stephen Farrell stephen.farrell at cs.tcd.ie
Mon Nov 25 16:51:41 EST 2013

On 11/25/2013 08:09 PM, Fabio Pietrosanti (naif) wrote:
> Let's first cut-off the massive passive traffic analysis, then improve
> current systems to provide some added protection against metadata,
> focusing in a far future, when the new system got already wide adoption,
> make it perfect.

New work on improving hop-by-hop security for email and other
things is getting underway in the IETF. [1] Basically the idea
is to document stuff that can be turned on already in current
deployments (to the extent possible) that gets you PFS and
modern TLS ciphersuites. Pre-working-group charter discussion for
this is being directed to the apps-discuss at ietf.org list for
now, or if folks aren't keen to get on that list, feel free to
send me comments and I'll make sure they get into the pot. I'll
send a mail here when the WG is officially kicked off (in a few
weeks hopefully) with a pointer to the eventual wg mailing list.

That does address the short-term/quick-win stuff that we can
get for foo-over-TLS protocols like SMTP, IMAP etc., but doesn't
address end-to-end mail security, for lots of the reasons already
stated in this thread. So if you think there's value in that
short-term work too, then I'm sure more help and expertise will
be welcomed.

Personally, I'm not at all confident that we can do something
that provides end-to-end security, can be deployed at full
Internet scale and is compatible with today's email protocols.
But if others are more optimistic then I'm all for 'em trying
to figure it out and would be delighted to be proven wrong.


[1] http://www.ietf.org/mail-archive/web/ietf-announce/current/msg12140.html

More information about the cryptography mailing list