On Mar 21, 2014, at 5:27 AM, Ted Lemon <[email protected]> wrote: > On Mar 21, 2014, at 7:40 AM, Robin Wilton <[email protected]> wrote: >> Even if an email goes from my browser to Google's servers over https, and >> goes between Google's servers over https, I did not see a commitment to >> encryption of the email when it is at rest, rather than in motion... > > Best is the enemy of good enough. To compromise your mail on the server, > they have to compromise the server. To compromise it in flight, they just > have to tap the network.
But what we know of access to email and other information is that “they”, whether identified as NSA or random other governments, hack the server. This sounds like a matter of looking where one is thinking about. There’s an old story that exemplifies it well. A passerby tries to help a drunk find his keys. The drunk is looking near a street lamp. Asked where he was when he lost them, he points down a dark alley. “Why are you looking here?” “The light is so much better”… Encrypting data in flight is a good thing. Encrypting data in flight end to end is a better thing. If you’re trying to encrypt it where “they” look at it, you need to think about encryption at rest. Reason? Per reports, that’s where they look at it. China broke into various companies’ computers, as did the NSA. I find this whole discussion minorly inane. Yes, encryption is a good thing, and yes, after however-many-years of talking about it, I’d like to see it done. The problem that brought this up, the Snowden reports, was that the NSA (and the EU) were accessing *metadata*. Wouldn’t it be interesting to solve the problem at hand rather than the one we think we might already know how to solve?
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
