[Cryptography] ISPs caught in STARTTLS downgrade attacks

Paul Wouters paul at cypherpunks.ca
Fri Nov 14 17:11:27 EST 2014

On Fri, 14 Nov 2014, Viktor Dukhovni wrote:

> I think very few people would likely want to use end-to-end encrypted
> mail, even if all the key-management usability issues were addressed
> and it became easy to send encrypted mail and read a given encrypted
> message.  Subtantial problems remain:
>    * Lose your key, lose all your mail.
>    * Substantially reduced server-side spam filtering.
>    * No server-side search.
>    ... and many more ..

Disagree. Publish a openpgpkey/smimekey in DNS(SEC) and use it for
transport security. On your own receiving email server, decrypt and
store. You keep all the benefits. For super important stuff, use another
key which only lives on your offline machine, with key in a vault or
whatever you do.


More information about the cryptography mailing list