[cryptography] [Cryptography] Email is unsecurable
ben at links.org
Sat Nov 30 18:07:43 EST 2013
On 27 November 2013 21:50, Stephen Farrell <stephen.farrell at cs.tcd.ie>wrote:
> On 11/27/2013 09:29 PM, Nico Williams wrote:
> > Viktor Dukhovni says that anything like DKIM/SPF is bound to fail.
> > One problem is confusables: users can't really distinguish them, and
> > some can be counted on just doing whatever it takes to give their money
> > to the phisher, no matter what. In other words, the problem with e-mail
> > is that strangers can start conversations with you. (Whereas with web
> > services you start the conversations with them, which is not as big a
> > problem.)
> I'm not talking about MUAs at all here though.
> On 11/27/2013 09:24 PM, Natanael wrote:
> > So, Convergence/Perspectives done on email headers?
> Almost. (I'm sure we could throw in a twist of CT too to
> keep Ben happy:-)
I am, of course, ecstatic.
> But not with the goal of verifying web server public keys.
> In this case we want to verify that the same TLS master
> secret got used on each side of each TLS hop, even for
> anon-DH. But I think is interesting to do that even at
> the level where all we can detect a pervasive attack,
> either due to different TLS master secrets where they
> should be the same or else because of additional
> unexpected or untraceable hops. (Maybe more is achievable
> but that's the attack I'm thinking of right now.)
Surely what you want to verify is that the key you saw is the key the
domain owner intended to publish?
> Mind you, even if it'd be ok crypto-wise, I'd not be
> surprised if it falls down for some mail reason.
> cryptography mailing list
> cryptography at randombit.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography