Yahoo releases internet standard draft for using DNS as public key server

Ian Grigg iang at systemics.com
Tue Jun 1 11:52:50 EDT 2004 

Dave Howe wrote:
> Peter Gutmann wrote:
> 
>> It *is* happening, only it's now called STARTTLS (and if certain vendors
>> (Micromumblemumble) didn't make it such a pain to set up certs for 
>> their MTAs
>> but simply generated self-signed certs on install and turned it on by 
>> default,
>> it'd be happening even more).
> 
> TLS for SMTP is a nice, efficient way to encrypt the channel. However, 
> it offers little or no assurance that your mail will *stay* encrypted 
> all the way to the recipients.


That's correct.  But, the goal is not to secure
email to the extent that there is no risk, that's
impossible, and arguing that the existence of a
weakness means you shouldn't do it just means that
we should never use crypto at all.

See those slides that Adi Shamir put up, I collected
the 3 useful ones in a recent blog:

http://www.financialcryptography.com/mt/archives/000147.html

I'd print these three out and post them on the wall,
if I had a printer!

The goal is to make it more difficult, within a
tight budget.  Using TLS for SMTP is free.  Why
not do it?

(Well, it's free if self-signed certs are used.
If CA-signed certs are used, I agree, that exceeds
the likely benefit.)


> Most of us (including me most of the time) are in the position of using 
> their ISPs or Employer's smarthost to relay email to its final 
> destination; in fact, most employers (and many ISPs) actually enforce 
> this, redirecting or blocking port 25 traffic.
> If my employer or isp accept TLS traffic from me, but then turn around 
> and send that completely unprotected to my final recipient, I have no 
> way of preventing or even knowing that.
> Sendmail's documentation certainly used to warn this was the case - 
> probably still does :)


a) Once a bunch of people send mail via TLS/SMTP,
the ISP is incentivised to look at onward forwarding
it that way.

b) It may be that your local threat is the biggest,
if for example you are using 802.11b to send your
mail.  The threat of listening from the ISP onwards
is relatively small compared to what goes on closer
to the end nodes.

c) every node that starts protecting traffic this
way helps - because it boxes the attacker into
narrower and narrower attacks.  It may be that the
emails are totally open over the backbone, but who
cares if the attacker can't easily get there?

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list