Re: mail crypto, was the introduction problem, was Email

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/4/22 10:09, Christopher Morrow wrote:

On Tue, May 3, 2022 at 10:51 PM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:

Of course, having email transmitted in cleartext creates lots of
nontrivial problems also.  It's just that we regard those problems as
"normal", or pretend that they don't exist.


How much do we think 'transmitted in cleartext' exists anymore?
Hadn't all of the large email vendors basically forced TLS on the smtp path ~4-5yrs back?
Hasn't imap (without TLS) been non-supported by pretty much everyone for ~10+yrs?
TLS is still negotiated on a per-hop basis, and STARTTLS is subject to downgrading attacks from well-placed intermediaries.
Is the problem you (and to some extent John) point out actually data-at-rest and not data-in-flight?

It's both, of course.  

Keith



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux