Re: message encryption with SMTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> Il 01/01/2022 18:03 Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> ha scritto:
> 
> Individuals don't want their MSPs to have their private keys. It's 
> possible that MSPs (at least in certain countries) would use the same 
> mechanism as enterprises to force disclosure of private keys.   In 
> theory individuals can have their own DNS names and set up their own 
> SMTP servers.  (making this manageable by ordinary people at scale is 
> still an unsolved problem but might be solvable)   But oppressive states 
> would probably try to thwart that.

Actually, today the biggest obstacle for those users (like me) that insist on running their own 1-domain, 1-user SMTP server is that the "intelligent" antispam filters of Gmail and the likes will very frequently treat you as a spammer by default, and taint or even reject your messages. The message flows are simply too small for data-based heuristics to work well. 

In general, any hurdle against the deployment of personal or small-scale email servers - apart from the usual consolidation issues - will hit exactly those users who care about their privacy up to the point of running their own server. This is something we should pay attention to.

> I think there's room to add mail encryption to SMTP.  The protocol 
> extensions can be worked out, and major MSPs would probably find them 
> attractive to their customers.   I believe that doing so would raise the 
> bar for some kinds of attacks and malicious behavior.   But there's no 
> way to please everybody, and maybe no way to really provide the privacy 
> that many of us would like to provide.

As a webmail provider to several big ISPs, we offer an OpenPGP-based UI extension that allows users to encrypt/decrypt messages, managing keys etc. Not all of our customers want it, and in general, the feedback is that the end-user demand for e2e-encrypted email is very low. In the past years we put quite some educational effort in promoting STARTTLS and proper encryption configuration (e.g., disable insecure ciphersuites) and that seems to be the most of encryption that currently the mass market demands.

-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@xxxxxxxxxxxxxxxx 
Office @ Via Treviso 12, 10144 Torino, Italy





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux