[cryptography] [Cryptography] Email is unsecurable

Stephen Farrell stephen.farrell at cs.tcd.ie
Wed Nov 27 16:50:36 EST 2013

On 11/27/2013 09:29 PM, Nico Williams wrote:
> Viktor Dukhovni says that anything like DKIM/SPF is bound to fail.
> One problem is confusables: users can't really distinguish them, and
> some can be counted on just doing whatever it takes to give their money
> to the phisher, no matter what.  In other words, the problem with e-mail
> is that strangers can start conversations with you.  (Whereas with web
> services you start the conversations with them, which is not as big a
> problem.)

I'm not talking about MUAs at all here though.

On 11/27/2013 09:24 PM, Natanael wrote:
> So, Convergence/Perspectives done on email headers?

Almost. (I'm sure we could throw in a twist of CT too to
keep Ben happy:-)

But not with the goal of verifying web server public keys.
In this case we want to verify that the same TLS master
secret got used on each side of each TLS hop, even for
anon-DH. But I think is interesting to do that even at
the level where all we can detect a pervasive attack,
either due to different TLS master secrets where they
should be the same or else because of additional
unexpected or untraceable hops. (Maybe more is achievable
but that's the attack I'm thinking of right now.)

Mind you, even if it'd be ok crypto-wise, I'd not be
surprised if it falls down for some mail reason.


More information about the cryptography mailing list