On 10/25/2013 1:23 AM, Christian Huitema wrote:
Please terminate this sub-thread. It has many years of wasted
history on many mailing lists.
Really. The script this thread will follow has been run so many
times, the pages are tattered.
Dave, I am well aware of past discussions, but something has
changed. We can certainly agree that server-to-server encryption is
not the best way to provide end-to-end authentication or
confidentiality of messages.
However, if I was running a spying system and if I was in the
business of collecting meta-data, I would love looking at
unencrypted SMTP traffic.
Christian,
I apologize for being ambiguous. The "sub-thread" I meant was the
sole-sourced, compulsive attacks on DKIM. I left the specific reference
off in an attempt to trigger yet-another round of attacks... sigh.
FWIW, I think "link" (that is, lower transfer layer) encryption is just
fine, much like washing one's hands is good hygiene.
The fact that it won't really provide protection against most/all of the
actual attacks we've been seeing or hearing about doesn't mean we
shouldn't do it, for at least the reason you cite.
But of course it does mean we also need to look at things more broadly,
for the additional mechanisms that will cover current, typical attacks.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
