[cryptography] [Cryptography] Email is unsecurable

Fabio Pietrosanti (naif) lists at infosecurity.ch
Thu Nov 28 04:03:23 EST 2013


Il 11/27/13, 10:01 PM, Jeffrey Walton ha scritto:
>
>>> The problem with DANE is the lack of DNSSEC. If we had both [...]
>> When I refer to DANE, I also mean that DNSSEC must be there.  We're
>> getting there.
> Isn't the key distribution problem being pushed into DNS? The
> underlying problem still exists.
To fix massive interception, that's passive, we do not need
"authenticated encryption".


We just need to have a widely used and diffused "opportunistic
encryption" with unauthenticated TLS on SMTP-to-SMTP communications.

Authenticating keys with DNSSEC/DANE or TOFU, is imho a nice "additional
feature", but it's not required to fix the massive interception, that's
passive.


-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org



More information about the cryptography mailing list