[cryptography] Email is unsecurable
pjklauser at gmail.com
pjklauser at gmail.com
Tue Nov 26 15:58:43 EST 2013
>From: Stephen Farrell <stephen.farrell at cs.tcd.ie>
>To: "Fabio Pietrosanti (naif)" <lists at infosecurity.ch>,
cryptography at randombit.net
>Message-ID: <5293C66D.4040906 at cs.tcd.ie>
> On 11/25/2013 08:09 PM, Fabio Pietrosanti (naif) wrote:
> > Let's first cut-off the massive passive traffic analysis, then improve
> > current systems to provide some added protection against metadata,
> > focusing in a far future, when the new system got already wide
> > adoption, make it perfect.
> New work on improving hop-by-hop security for email and other things is
> getting underway in the IETF.  Basically the idea is to document stuff
> that can be turned on already in current deployments (to the extent
> possible) that gets you PFS and modern TLS ciphersuites. Pre-working-group
> charter discussion for this is being directed to the apps-discuss at ietf.org
> list for now, or if folks aren't keen to get on that list, feel free to
> send me comments and I'll make sure they get into the pot. I'll send a
> mail here when the WG is officially kicked off (in a few weeks hopefully)
> with a pointer to the eventual wg mailing list.
way to go!
Personally I don't see how using a P2P network in any next-gen email system
helps anything. If I send a message to someone, I trust my service provider
to deliver the message to the recipients service provider. If the
communication path is limited to this minimum 3 hops - and each hop is
"secure", then this could be good enough ( considering each service provider
can be sure that it's talking with the other one directly and securely ).
This is the system architecture proposed for TDMX for a new transactional
enterprise messaging (yet-to-be standard) system I'm working on. Between
each hop is anyway an anonymous void of untrustworthyness - called the
internet ( adding any application layer complexity seems overkill ).
If you don't ( and you probably can't ) trust your service provider (enough)
then there's nothing stopping you running your own.
Furthermore, Email doesn't need anonymization ( it got to where it is today
without it - it will survive some more) and in fact I argue in  that
corporations cannot really use use end-to-end security either.
More information about the cryptography