On Sat, Sep 06, 2014 at 03:16:01PM +0200, Eliot Lear wrote:

> While I think it would be fun to talk with the gentleman about his
> bitcoin thinking, the key part that I intended for this group was the
> situational analysis involving spam and how bad guys behave.

For many users there are parties to their email service that want
to apply additional content security policies beyond the immediate
personal security interests of the user.  Sometimes it is a service
to the user (less spam), other times it is corporate security policy
(block malware, detect data leakage, comply with regulatory email
archiving requirements, ...).

This is why I generally think of protecting email as two separate
problems:

        * data in motion
        * data at rest

For data in motion, I am working on more flexibility and security
with STARTTLS.  For data at rest, I'd like to see LMTP servers that
support S/MIME encryption at time of final delivery, which still
allows various processing of email before it is deposited into the
mailbox.  This extends PFS to email already delivered before any
warrants are served to intercept content.  Of course it does not
protect email received while under surveillance.

While truly end-to-end email is used already, and may be used more
widely in the future, I don't expect mass adoption; there are many
obstacles beyond just the key management.

-- 
        Viktor.

_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail