[Cryptography] ISPs caught in STARTTLS downgrade attacks
Watson Ladd
watsonbladd at gmail.com
Fri Nov 14 17:26:01 EST 2014
On Nov 14, 2014 2:22 PM, "Paul Wouters" <paul at cypherpunks.ca> wrote:
>
> On Fri, 14 Nov 2014, Viktor Dukhovni wrote:
>
>> I think very few people would likely want to use end-to-end encrypted
>> mail, even if all the key-management usability issues were addressed
>> and it became easy to send encrypted mail and read a given encrypted
>> message. Subtantial problems remain:
>>
>> * Lose your key, lose all your mail.
>> * Substantially reduced server-side spam filtering.
>> * No server-side search.
>> ... and many more ..
>>
>
> Disagree. Publish a openpgpkey/smimekey in DNS(SEC) and use it for
> transport security. On your own receiving email server, decrypt and
> store. You keep all the benefits. For super important stuff, use another
> key which only lives on your offline machine, with key in a vault or
> whatever you do.
Most people don't run their own mail servers, and there isn't a per user
key discovery mechanism yet. One can easily be designed: it just hasn't
been.
Most PGP users don't use 1024 bit RSA. Interesting how DNSSEC proponents
never mention that this is what they want to use.
Sincerely,
Watson Ladd
>
> Paul
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141114/957b7a05/attachment.html>
More information about the cryptography
mailing list