[Cryptography] Hillery's Email

Phillip Hallam-Baker phill at hallambaker.com
Fri Apr 8 00:17:11 EDT 2016


On Thu, Apr 7, 2016 at 5:41 PM, Tom Mitchell <mitch at niftyegg.com> wrote:
> On Wed, Apr 6, 2016 at 10:42 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
>>
>> In another thread, Tom Mitchell wrote:
>>
>>> In the common use and common purpose case it seems OK to me.
>>> In all, it is a step up from the management of Hillary's email.
>>
>>
>> What do we know about the management of Hillary's email? I do know that
>> the government systems have had enough breaks that a private system may well
>> have been better protected. Also that while Obama managed to get a
>> more-or-less secure Blackberry, Hillary couldn't get one when she was
>> Secretary of State. Otherwise, I'm woefully ignorant.
>>
>
> Good catch...
> SMTP.
> We know that sendmail (SMTP) is a store and forward protocol.
> We know that transport is commonly plain text.
> We know that metadata is visible even when the contents are encrypted.
> We know that the retention policy of Hillary's email allowed long term
> storage on the mail server in contrast to a secure data storage resource.
> We know state department mail storage and transport was insecure.
>
> WhatsApp
> We know that WhatsApp can optionally backup its data to Google Drive..
> never would be a good choice.
> We know the end to end encryption is an improvement over SMTP.
> It does not honestly replace email,  it does seem to improve on
> basic text messaging which is in the clear.
>
> The reality is that communication tools for federal officials and
> normal citizens have lots of room for improvement.

Just got back from drinking with the IAB and IESG at IETF '95. This
may make no sense.

One big difference between the WhatsApp protocol and SMTP is that
WhatsApp is an intranet mail app. One company controls the sending and
receiving clients and the server. It is a three corner model
(client->server->client).

SMTP is much more complex because it is an internet mail app, the
sender and receiver do not use the same app or share a server in the
general case. It is a four corner model (client -> outbound -> inbound
-> client) and that is the simplest case.

So SMTP is a lot more difficult.

