TL writes: > There are a lot of things you'd like your mail to do that can't > be done if you don't trust the machine where the mail is stored. > If you want both security and features, you probably need to run > your own server, or else you need some trust relationship with the > service provider that likely isn't practical in a lot of cases, > and isn't even _possible_ if your threat model is something on the > level of not being victimized by NSLs.
One might suggest never sending the same message twice. Why? Because sending it twice, even if encrypted, allows a kind of analysis by correlation that cannot otherwise happen. Maybe that's too paranoid, so let's back off a little. One might suggest that the individual or the enterprise that outsources its e-mail to a third party thereby creates by itself and for itself the risk of silent subpoenas delivered to their outsourcer. If, instead, the individual or the enterprise insources its e-mail then at the very least it knows when its data assets are being sought because the subpoena comes to them. Maybe insourcing your e-mail is too much work, but need I remind you that plaintext e-mail cannot be web-bugged, so why would anyone ever render HTML e-mail at all? The above is an excerpted paragraph from my speech to the RSA Conf on 28 Feb, meaning nothing more than that I'm on the record. We Are All Intelligence Officers Now http://geer.tinho.net/geer.rsa.28ii14.txt --dan _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
