On Fri, Jan 17, 2014 at 1:22 AM, Christian Huitema <[email protected]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > PGP and S/MIME are both unable to protect meta-data against an attacker
> > with intercept capability.
> >
> > STARTTLS is unable to protect content against attack by a corrupt system
> > administrator.
> >
> > To have comprehensive security we need both the End 2 End security to
> > protect the data at rest
> > and the transport layer security to protect the metadata in motion.
>
> Well, yes, of course. But we also have to start somewhere. STARTTLS is
> reasonably easy to deploy, and many mail services are either already
> deploying it or are in the process of deploying it. The channel protection
> with STARTTLS will not protect against compromised servers, and will not
> prevent providers from complying with national security letters and other
> subpoenas. But it will prevent the bulk collection of message headers by
> tapping links, and that's a very good first step.
>

Which was my argument. Except that there is nothing STARTTLS or PGP or S/MIME can do against a national security letter demanding metadata from a server. So it is fine to use NSLs as an argument for doing more than STARTTLS, it is not an argument for doing PGP or S/MIME instead.

The law authorizing NSLs does limit them to metadata in theory but we don't have any evidence to suggest that they are not widely abused and used for content and there are plenty of reasons to distrust agencies of a government that was engaged in torture under the previous administration.

The SMTP SEND, RCPT (and to a lesser degree RFC822 header) data has to be public for the system to work.

I think I have a scheme that sorts out the usability catastrophe and trust model limitations of the End to End model. What I was saying is that doing that does not eliminate the need for STARTTLS.

We can discuss mechanisms for dealing with NSLs but I don't think that is productive until we have the E2E issue solved in practice rather than a large scale science project. A million users is not enough on a network with a billion users.

My PPE scheme does provide a hole where someone can wire in a scheme that protects metadata and has protection against traffic analysis. But that isn't something I would make a priority at this stage.

-- 
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
