[cryptography] Email is unsecurable

pjklauser at gmail.com pjklauser at gmail.com
Tue Nov 26 15:58:43 EST 2013


>From: Stephen Farrell <stephen.farrell at cs.tcd.ie>
>To: "Fabio Pietrosanti (naif)" <lists at infosecurity.ch>,
	cryptography at randombit.net
>Message-ID: <5293C66D.4040906 at cs.tcd.ie>
>
> On 11/25/2013 08:09 PM, Fabio Pietrosanti (naif) wrote:
> > Let's first cut-off the massive passive traffic analysis, then improve 
> > current systems to provide some added protection against metadata, 
> > focusing in a far future, when the new system got already wide 
> > adoption, make it perfect.
>
> New work on improving hop-by-hop security for email and other things is 
> getting underway in the IETF. [1] Basically the idea is to document stuff 
> that can be turned on already in current deployments (to the extent 
> possible) that gets you PFS and modern TLS ciphersuites. Pre-working-group
> charter discussion for this is being directed to the apps-discuss at ietf.org
> list for now, or if folks aren't keen to get on that list, feel free to 
> send me comments and I'll make sure they get into the pot. I'll send a 
> mail here when the WG is officially kicked off (in a few weeks hopefully) 
> with a pointer to the eventual wg mailing list.

way to go! 
Personally I don't see how using a P2P network in any next-gen email system
helps anything. If I send a message to someone, I trust my service provider
to deliver the message to the recipients service provider. If the
communication path is limited to this minimum 3 hops - and each hop is
"secure", then this could be good enough ( considering each service provider
can be sure that it's talking with the other one directly and securely ).
This is the system architecture proposed for TDMX[2] for a new transactional
enterprise messaging (yet-to-be standard) system I'm working on. Between
each hop is anyway an anonymous void of untrustworthyness - called the
internet ( adding any application layer complexity seems overkill ).

If you don't ( and you probably can't ) trust your service provider (enough)
then there's nothing stopping you running your own. 

Furthermore, Email doesn't need anonymization ( it got to where it is today
without it - it will survive some more) and in fact I argue in [1] that
corporations cannot really use use end-to-end security either.

[1]
http://pjklauser.wordpress.com/2013/11/17/why-enterprises-wont-embrace-darkm
ail/
[2] http://tdmx.org




More information about the cryptography mailing list