[Cryptography] ISPs caught in STARTTLS downgrade attacks

Watson Ladd watsonbladd at gmail.com
Fri Nov 14 17:26:01 EST 2014

On Nov 14, 2014 2:22 PM, "Paul Wouters" <paul at cypherpunks.ca> wrote:
> On Fri, 14 Nov 2014, Viktor Dukhovni wrote:
>> I think very few people would likely want to use end-to-end encrypted
>> mail, even if all the key-management usability issues were addressed
>> and it became easy to send encrypted mail and read a given encrypted
>> message.  Subtantial problems remain:
>>    * Lose your key, lose all your mail.
>>    * Substantially reduced server-side spam filtering.
>>    * No server-side search.
>>    ... and many more ..
> Disagree. Publish a openpgpkey/smimekey in DNS(SEC) and use it for
> transport security. On your own receiving email server, decrypt and
> store. You keep all the benefits. For super important stuff, use another
> key which only lives on your offline machine, with key in a vault or
> whatever you do.

Most people don't run their own mail servers, and there isn't a per user
key discovery mechanism yet. One can easily be designed: it just hasn't

Most PGP users don't use 1024 bit RSA. Interesting how DNSSEC proponents
never mention that this is what they want to use.

Watson Ladd
> Paul
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141114/957b7a05/attachment.html>

More information about the cryptography mailing list