[Cryptography] ISPs caught in STARTTLS downgrade attacks
Paul Wouters
paul at cypherpunks.ca
Fri Nov 14 17:11:27 EST 2014
On Fri, 14 Nov 2014, Viktor Dukhovni wrote:
> I think very few people would likely want to use end-to-end encrypted
> mail, even if all the key-management usability issues were addressed
> and it became easy to send encrypted mail and read a given encrypted
> message. Subtantial problems remain:
>
> * Lose your key, lose all your mail.
> * Substantially reduced server-side spam filtering.
> * No server-side search.
> ... and many more ..
>
Disagree. Publish a openpgpkey/smimekey in DNS(SEC) and use it for
transport security. On your own receiving email server, decrypt and
store. You keep all the benefits. For super important stuff, use another
key which only lives on your offline machine, with key in a vault or
whatever you do.
Paul
More information about the cryptography
mailing list