-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Steven, (others), >> For example, when it comes to email, > > To be honest, I don't see how we can "fix" mail myself so that its > not vulnerable to pervasive monitoring. I think we can make such > monitoring somewhat harder via better use of TLS, and that's worth > doing, but beyond that, I don't see much that can be done without > changes that I don't think are likely to happen. I'd be delighted > to be proven wrong on that, so I'm happy to see it discussed but > I'm not hopeful. Is it within the purview of this list to discuss alternatives to, or replacements for email as we currently know it? Or would that better be proposed / discussed elsewhere so at to not dilute the topic at hand? I also believe email as we generally know it is vulnerable to traffic analysis even if we can encrypt the contents; there's just too much observable metadata. Currently it seems to my somewhat limited understanding that some combination of anonymous remailer systems and properly configured VPN tunnels (and/or Tor perhaps...) are really the only effective way to obscure your email traffic paths with our existing systems. Traffic timing analysis is still an issue unless you have either cover traffic (noise) or introduce a latency (delay) or both (ala Mixminion / Pynchons Gate). For the majority of average users, that still leaves you at the mercy of the remailer operator and the VPN provider, and there are many possible points of failure in using a VPN even without a Mallory or Eve behind the scenes subverting your traffic. That said, I'd still like to see the effort made in making existing email as resistant as possible by default. Anything less is is a disservice to the security of the user in general. Regards, Dave Nix - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iQEcBAEBAgAGBQJSbswlAAoJEDMbeBxcUNAe75MH/3s95WacpbFQtJJjgBc0kwNR hDqlN3slQnWnu31g5nfZQxtJ0E0K2u4oRMEviCPG1zSsBjNZSk66ivBxipV5oA4A 3XvjnKPj7p2Sh/73lBQuql3+iy2X3XFEP3xdRRLLlF9uCEKW2wkgCiaJ8gS/XMQv bJMH5ltfupXaCJQnl4ddGYvxf1vFjCp3oQ8gBicP0dYtgWqiXvbvg6cZSwXsxWz/ wXH37ViRPgWC3+3keuVbHiHoAdp5HUVHMnltR8pc/JWc5ZcE4485PgftgvzHumMm 7a+IDON8TazoKuYO08qcu1uZoONvgCst/EC1YykHL3ZthPnbDuq56F7+Q7r/670= =CJcQ -----END PGP SIGNATURE----- _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
