Re: message encryption with SMTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It appears that Christopher Morrow  <morrowc.lists@xxxxxxxxx> said:
>a bunch of the conversation about this seems a whole lot like 'tilting at windmills'.
>The fact that 'encrypted email, end-to-end, has effectively 0% market share' really
>says a lot about it as a product.

It really feels like a lot of the threat models are stuck in the distant past.

In about 1990 a guy named Brad Councilman ran an early e-commerce site to
sell used books, both from his bookstore and from other stores, and provided
e-mail accounts to those other stores.  He was accused (falsely, it later
turned out) of using procmail to make copies of his competitors' mail, and
a long and complicated court case turned on the detail of whether mail was
"in transit" or "in storage" for the moment when procmail putatively made
the copy.  

We uucp users used bang paths to route mail through long chains of
hosts to limit phone costs and Internet mail had at least two
different ways to say to route a message through intermediate hosts,
the official one and the percent hack, to get around connectivity
gaps.

You know what?  Mail doesn't work that way any more.  It all goes
directly over the Internet from the sending host to the recipient
host.  STARTTLS prevents snooping in transit, and MTA-STS lets you
detect attempts to snoop by host spoofing.  The plague of spam and
malware makes it essential for the recipient system to be able to
look inside the mail and decide if it's worth delivering.  Maybe some
people don't trust their mail providers, but considering how many
mail users use ad-supported free mail systems, most do.

So I'd be interested in a clear statement (preferably on the
ietf-smtp list) what problem a proposed solution is intended
to solve before arguing about the implementation details.

R's,
John




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux