On Fri, Jun 26, 2015 at 7:03 PM, Michelle Sullivan <[email protected]> wrote:
> Brandon Long wrote:
> >
> > I've considered an opposite DANE, where a server can know whether to
> > refuse an unencrypted connection. One could imagine an extension to
> > spf for example saying that only encrypted connections from these ips
> > are to be considered authed, or just abusing spf as for encryption
> > required as well. Spf is certainly used today for listing ips for
> > white listing and such, so it's not a stretch to use it for an SSL
> > everywhere usage.
> >
> > SMTP has been a lowest common denominator method of contact at all
> > costs, but the minimum bar is rising especially in this post-Snowden
> > world.
> >
>
> Oh the Snowden thing...?!
>
> Here's the thing... if I am concerned about encryption I'll encrypt the
> email itself. If I'm super paranoid about the contents getting out I'll
> encrypt the connection - and keep control of all servers in the path*
> All SMTP-AUTH sessions I do are encrypted and I refuse any that are
> unencrypted or try to fall back...
>
> * If I am worried about transmission of the email above encrypting the
> email I'll use TLS, and ensure I own every server in the path and each
> will TLS... otherwise what's the point? I sent DH 2048, TLS 1.2 to
> Server A. Server A sends to outside of my network to Server B with TLS
> 1.0 (dh 1024, common key)... Server B is on the Internet and sends to
> Server C unencrypted because Server C doesn't even support any type of
> encryption....
>
> Sure SMTP can have the lowest common denominator, but I thought the
> whole point of the protocol and extensions was:
>
> 1/ You want to ensure the email is not readable by a 3rd party you
> encrypt (PGP/SMIME) it..
> 2/ You want to ensure credentials for SMTP-AUTH are not compromised you
> SSL3/TLS/TLSv1.2,DH=4096 the connection
>
> and what you don't do is:
>
> 3/ Encrypt the connection so no-one can see my email in transit....
> because yeah sure all servers will always TLSv1.2....
The point I have about bringing up Snowden is that for bulk collection, they'll go where they can and find the weak link. We won't be that link, if I can help it. We have a ways to go, of course. Especially since #1 for everyone is a really long pole. Sure, if you're an actual target, #1 is a minimum... or not using this infrastructure at all might be an even better choice.

Brandon
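The three-hop chain in the quoted message (TLS 1.2 into Server A, TLS 1.0 to Server B, cleartext to Server C) is exactly what a message's own Received headers record after the fact. The following is an added example, not code from either poster: it parses Postfix-style Received headers (constructed sample data, hostnames and IDs are made up) and reports the weakest hop in the path, which is where a bulk collector would read the mail.

```python
import re

# Constructed sample: Received headers of one message, newest hop first, modelled on
# the three-hop chain described in the thread (TLS 1.2 -> TLS 1.0 -> cleartext).
SAMPLE_HEADERS = [
    "Received: from serverb.example.net (serverb.example.net [198.51.100.2]) "
    "by serverc.example.org (Postfix) with ESMTP id 2B3C4D; Fri, 26 Jun 2015 18:50:01 +0000",
    "Received: from servera.example.com (servera.example.com [192.0.2.1]) "
    "(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) "
    "by serverb.example.net (Postfix) with ESMTPS id 9F8E7D; Fri, 26 Jun 2015 18:49:55 +0000",
    "Received: from client.example.com (client.example.com [192.0.2.10]) "
    "(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) "
    "by servera.example.com (Postfix) with ESMTPSA id 1A2B3C; Fri, 26 Jun 2015 18:49:50 +0000",
]

HOP_RE = re.compile(r"^Received: from (\S+).*?\bby (\S+).*?\bwith (\S+)", re.DOTALL)
TLS_RE = re.compile(r"\(using (TLSv[\d.]+|SSLv\d) with cipher (\S+)")

# Ranking so the weakest hop can be picked with min(); cleartext ranks lowest.
RANK = {"none": 0, "SSLv2": 1, "SSLv3": 2, "TLSv1": 3, "TLSv1.1": 4, "TLSv1.2": 5, "TLSv1.3": 6}


def parse_hops(received_headers):
    """Return hops in delivery order (oldest first) as dicts: from, by, with, proto, cipher."""
    hops = []
    for hdr in reversed(received_headers):  # each MTA prepends its header, so reverse
        m = HOP_RE.match(hdr)
        if not m:
            continue
        src, dst, with_ = m.groups()
        t = TLS_RE.search(hdr)
        # "with ESMTPS"/"ESMTPSA" means STARTTLS was used; the "(using ...)" clause names the version
        proto = t.group(1) if t else "none"
        cipher = t.group(2) if t else None
        hops.append({"from": src, "by": dst, "with": with_, "proto": proto, "cipher": cipher})
    return hops


def weakest_hop(hops):
    """The least-protected hop is what an on-path collector would target."""
    return min(hops, key=lambda h: RANK.get(h["proto"], 0))


if __name__ == "__main__":
    path = parse_hops(SAMPLE_HEADERS)
    for h in path:
        print(f'{h["from"]} -> {h["by"]}: {h["proto"]} {h["cipher"] or "(cleartext)"}')
    w = weakest_hop(path)
    print("weakest link:", w["from"], "->", w["by"], w["proto"])
```

Real deployments will also want to check the cipher and key size per hop (the "dh 1024" point above), which the same `(using ...)` clause exposes.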
_______________________________________________
mailop mailing list
[email protected]
http://chilli.nosignal.org/mailman/listinfo/mailop
