>From: Stephen Farrell <[email protected]>
>To: "Fabio Pietrosanti (naif)" <[email protected]>, [email protected]
>Message-ID: <[email protected]>
>
> On 11/25/2013 08:09 PM, Fabio Pietrosanti (naif) wrote:
> > Let's first cut-off the massive passive traffic analysis, then improve
> > current systems to provide some added protection against metadata,
> > focusing in a far future, when the new system got already wide
> > adoption, make it perfect.
>
> New work on improving hop-by-hop security for email and other things is
> getting underway in the IETF. [1] Basically the idea is to document stuff
> that can be turned on already in current deployments (to the extent
> possible) that gets you PFS and modern TLS ciphersuites. Pre-working-group
> charter discussion for this is being directed to the [email protected]
> list for now, or if folks aren't keen to get on that list, feel free to
> send me comments and I'll make sure they get into the pot. I'll send a
> mail here when the WG is officially kicked off (in a few weeks hopefully)
> with a pointer to the eventual wg mailing list.

Way to go!

Personally I don't see how using a P2P network in any next-gen email system helps anything. If I send a message to someone, I trust my service provider to deliver the message to the recipient's service provider. If the communication path is limited to this minimum 3 hops - and each hop is "secure", then this could be good enough (considering each service provider can be sure that it's talking with the other one directly and securely). This is the system architecture proposed for TDMX[2] for a new transactional enterprise messaging (yet-to-be standard) system I'm working on. Between each hop is anyway an anonymous void of untrustworthiness - called the internet (adding any application layer complexity seems overkill).

If you don't (and you probably can't) trust your service provider (enough) then there's nothing stopping you running your own.

Furthermore, email doesn't need anonymization (it got to where it is today without it - it will survive some more) and in fact I argue in [1] that corporations cannot really use end-to-end security either.

[1] http://pjklauser.wordpress.com/2013/11/17/why-enterprises-wont-embrace-darkmail/
[2] http://tdmx.org

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
