[Cryptography] ISPs caught in STARTTLS downgrade attacks
watsonbladd at gmail.com
Fri Nov 14 17:26:01 EST 2014
On Nov 14, 2014 2:22 PM, "Paul Wouters" <paul at cypherpunks.ca> wrote:
> On Fri, 14 Nov 2014, Viktor Dukhovni wrote:
>> I think very few people would likely want to use end-to-end encrypted
>> mail, even if all the key-management usability issues were addressed
>> and it became easy to send encrypted mail and read a given encrypted
>> message. Substantial problems remain:
>> * Lose your key, lose all your mail.
>> * Substantially reduced server-side spam filtering.
>> * No server-side search.
>> ... and many more ..
> Disagree. Publish an openpgpkey/smimekey in DNS(SEC) and use it for
> transport security. On your own receiving email server, decrypt and
> store. You keep all the benefits. For super important stuff, use another
> key which only lives on your offline machine, with key in a vault or
> whatever you do.
Most people don't run their own mail servers, and there isn't a per user
key discovery mechanism yet. One can easily be designed: it just hasn't
Most PGP users don't use 1024 bit RSA. Interesting how DNSSEC proponents
never mention that this is what they want to use.