> Jacob Appelbaum wrote this message on Sat, Oct 26, 2013 at 09:24 +0000:
> > Paul Wouters:
> > > On Thu, 24 Oct 2013, Noel Torres wrote:
> > >
> > >> The promised rough draft:
> > >
> > >> Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)
> > >
> > > I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC,
> > > apart from being able to get a remote server key from a HKP server,
> > > which in itself is completely untrusted without web-of-trust
> > > verification by a human.
> > >
> > > In fact, TLS with DHE would be more secure agaisnt a pervasive monitor
> > > that obtains access to a mailserver's private openpgp key.
> > >
> > > What would doing openpgp encryption within TLS add security wise?
> > >
> >
> > Defense in depth. If the StartTLS server uses RC4, for example, I'd want
> > a different layer for actual protection.
> If the admin spent the time to configure OPSS, why not configure TLS
> properly in the first place?
To be fair, that's a bit of a problem right now. The issue is you don't really
want to flat-out disable RC4 ciphersuites because there may be some clients
that don't have anything else, and RC4 is better than nothing.
But at the same time you don't want to use an RC4 ciphersuite unless there's no
alternative - and there usually is. The problem here is that specifying a
preference order for ciphersuite use is a problem with some implementation
currently. As I noted previously, you want to prefer something with DHE when
possible and AES to RC4.
That said, in terms of standardization, I think the priority should be to
get the SSL/TLS stuff done. And then folks can start beating up on the
implementors to get a better grade of SSL/TLS in place.
Ned
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
