On Mon, Jun 29, 2015 at 4:04 PM, Michelle Sullivan <miche...@sorbs.net>
wrote:

> Brandon Long wrote:
> >
> >
> > On Mon, Jun 29, 2015 at 1:48 PM, Michelle Sullivan <miche...@sorbs.net> wrote:
> >
> >
> >     Thoughts/comments welcome.
> >
> >
> > Sure, there's a bit of political or privacy argument involved here,
> > that some people think "why does this need to be encrypted".  There
> > does seem to be a shift, however, to encrypting by default.  The
> > Mozilla blog post has a bunch of pointers in it for reasons and calls
> > to encrypt by default:
> >
> >
> > https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
> >
> HTTP and not SMTP I can understand.  SMTP because of the protocol you
> *cannot* encrypt end to end (unless the standard is amended and adopted.)
>
> > I don't expect to convince folks of that in this forum, nor to
> > downplay the costs of doing this, and the challenges for
> > interoperability.
>
> Interoperability is an issue for me, rather than cost and challenges.
> Encrypting email transport (particularly with TLS) is an extension of
> the protocol for increasing interoperability by giving the option of
> encrypting the transport layer.  What is being suggested is that it is
> forced, which will impact the interoperability of the protocol without
> necessarily gaining anything.... Man-in-the-middle is almost built into
> the protocol by default... just get someone to set up a server as the
> destination hop, accept encrypted email (DH=4096 for good measure) then
> forward plain text ... oops man-in-the-middle and whilst we (here on
> this list) know the difference you think man in the street will not
> blame who sent and/or received the email ignoring anything that happened
> in the street?  They already blame the banks for not enough security
> when they answer a phish and give out their login details FFS! :P
>

I don't really understand what you're saying, you mean the sender can't
control whether the mail hops to an insecure link at some point?  Sure.
Does the possibility of that mean we shouldn't even try?  The amount of
mail which goes through multiple hops is a small fraction of the total
anyways (assuming hop = ADMD boundaries, at least).

> > That said, so far today, only 0.015% of our outbound messages that
> > were over an encrypted link were using SSLv3.   At our volume, that's
> > not nothing, unfortunately, but it's a pretty small amount to allow to
> > continue to allow the possibility of breaking the rest.  TLSv1 is
> > still about 5%, way too high to deprecate at this point.
> >
> > Inbound is 0.1% at SSLv3, 37% at TLSv1.
> So +60% is unencrypted inbound... because it has to be or because it is
> not forced otherwise... that is the burning question.  You policy
> Encrypted or nothing and it'll be interesting how many cope and how many
> don't...


Sorry, I didn't include all the types (TLS 1.1 and 1.2) and that's the
percentage of encrypted connection, not overall, but I think our overall
numbers are here:

http://www.google.com/transparencyreport/saferemail/

Which is 46% unencrypted inbound.  The majority of that is from bulk
mailers last I looked.

Brandon
_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
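
The hop-by-hop point debated in this thread can be checked per message from its Received trace; the following is an added example, not part of the original thread, that reads each hop's "with" protocol keyword (RFC 3848: a trailing S, as in ESMTPS, means the hop used TLS) and reports the first hop that did not claim TLS. The sample message and all hostnames are constructed, and Received headers are self-reported by each relay, so this shows what hops claimed rather than proof.

```python
import re
from email import message_from_string

# RFC 3848 "with" protocol types that indicate the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: three hops, the middle relay accepted mail without TLS.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mx.example.org with ESMTPS id c3; Mon, 29 Jun 2015 16:00:03 -0700
Received: from out.example.com (out.example.com [192.0.2.10])
\tby relay.example.net with ESMTP id b2; Mon, 29 Jun 2015 16:00:02 -0700
Received: from laptop.example.com (laptop.example.com [192.0.2.5])
\tby out.example.com with ESMTPSA id a1; Mon, 29 Jun 2015 16:00:01 -0700
From: alice@example.com
To: bob@example.org
Subject: constructed test

body
"""

COMMENT_RE = re.compile(r"\([^()]*\)")   # e.g. "(using TLSv1.2 with cipher ...)"
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)

def hop_report(raw):
    """Return [(receiving_host, protocol, tls_claimed)] in travel order."""
    hops = []
    # Each relay prepends its header, so reverse to get oldest hop first.
    for hdr in reversed(message_from_string(raw).get_all("Received", [])):
        stamp = " ".join(hdr.split()).split(";")[0]   # unfold, drop the date
        stamp = COMMENT_RE.sub(" ", stamp)            # comments may contain "with"
        by = BY_RE.search(stamp)
        proto = WITH_RE.search(stamp)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def first_cleartext_hop(raw):
    """Host that first received the message without claiming TLS, or None."""
    for host, _proto, tls in hop_report(raw):
        if not tls:
            return host
    return None

if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        print(hop)
    print("first cleartext hop:", first_cleartext_hop(SAMPLE))
```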
