Yeah, the NSA-proof thing was overstated, at least as it was taken-up by press. Doesn't mean we don't have work to do though. We do, and its better to focus on that than on any particular term, hyperbolic or not.
And things can be done by us, and others, e.g. I was happy to see FB's figures [1] showing 58% of their outbound mail now being encrypted via STARTTLS, which is afaik a significant increase on what'd have been the case a couple of years ago. There's also a significant increase in deployment of PFS ciphersuites in such cases as well when compared to a year or two ago so I'm told. I for one do not believe that that makes no difference to the spooks. Esp if we can get many more deployments doing much more of that and similar. (Hint: if you're an active participant in httpbis - go implement/argue-for/test that opportunistic security alt-svcs thing and try to help do for the web what FB have shown works for MTA-MTA SMTP:-) Which brings it back to our bit of the work - to make it easier for many more deployments to deploy reasonable security (which is not all crypto) where there are protocol barriers getting in their way. It doesn't matter so much how those barriers got there, but its really clear what we need to be doing about any such. Cheers, S. [1] https://www.facebook.com/notes/1453015901605223/ On 16/05/14 21:30, Brian E Carpenter wrote: > I've been waiting for Peter Gutmann's slides to appear on line > since I first saw them some months ago. Well worth studying: > > http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf > > Favourite quotes: "It's probably at least some sort of sign > of the end times when your conference badge has a rootkit." > > "There were so many other ways to render DKIM ineffective > that no-one bothered attacking the crypto." > > News story: > http://www.theregister.co.uk/2014/05/16/kiwi_prof_calls_bunk_on_nsaproof_tech_says_crypto_is_enough/ > > Regards > Brian > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass > _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
