Paul Wouters:
> On Thu, 24 Oct 2013, Noel Torres wrote:
>
>> The promised rough draft:
>
>> Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)
>
> I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC,
> apart from being able to get a remote server key from a HKP server,
> which in itself is completely untrusted without web-of-trust
> verification by a human.
>
> In fact, TLS with DHE would be more secure against a pervasive monitor
> that obtains access to a mailserver's private openpgp key.
>
> What would doing openpgp encryption within TLS add security wise?
>
Defense in depth. If the StartTLS server uses RC4, for example, I'd want a different layer for actual protection.

All the best,
Jacob
