[Cryptography] Strong DNS Names

Ralf Senderek crypto at senderek.ie
Wed Sep 7 14:10:51 EDT 2016




> The new strong DNS addresses are compatible with pretty much every existing
> email client. Just route the inbound and outbound email through a proxy that
> strips off fingerprints from strong email addresses, fetches the policy and acts
> accordingly. Users can compose and read email just like normal. The only
> difference being that their email is now encrypted end to end (but not in client
> storage).

Isn't this a bit deceptive to call it "end to end", as the user's message will
hit the proxy unencrypted and will pop out at the other end's proxy for collection
by the other user's client software in plain text? And more so, because no user
has any control over what those proxies actually do (or don't do).

> The chief security issue here is that if we are talking about alice at eop.gov or
> alice at microsoft.com or the like, we want to make sure that we are talking to the
> implied domain if it matters.

In my opinion, the main security issue with this scheme is the total lack of control
by users that rely on the information stored in online servers, which need to be
trusted but in (too) many cases may not be trustworthy. An ordinary user won't have
any assurance that his message will get out (properly) encrypted nor will a receiving
user know in which form the message was transferred, because he must delegate the
decryption to an online server he does not control.

Our recent discussion about trustworthy hardware made it clear that it is quite
difficult to reach any meaningful security assurances for user systems. But wiping
all user control off the table in designing a system is - as I see it - going too far.

     --ralf



