Re: IETF mail server and SSLv3

--On Sunday, February 21, 2016 09:08 -0800 Lixia Zhang
<lixia@xxxxxxxxxxx> wrote:

> There has probably been no idea more damaging to the security
> of the Internet than the idea that end-to-end is the only way
> to do security.
> 
> Email is an intrinsically store and forward system. Every
> network mail system has had at least three parties and
> Internet mail has had a four corner model since the early 90s.
> 
> I'd also add that this issue is not limited to just email (a
> Cisco forecast claims that "Sixty-two percent of all Internet
> traffic will cross content delivery networks by 2019
> globally", note that today's CDN traffic is not limited to
> videos, but includes other more critical contents).  Let's
> recognize the fact that "Internet achieves end-to-end security
> by end-to-end encrypted channel" is an illusion, as data is
> not delivered through an end-to-end connection in many cases
> today, and it is likely to become more so with more mobiles
> and DTN-style apps.

Lixia,

While I agree with everything you say above, I am not clear
about where you think it takes us.  In particular, there is a
layering issue involved with, e.g., "end to end" meaning
something different for IP and TCP than it does for, e.g., mail
payloads.   Precisely because of the comments you make above in
combination with the observation that there is a much more
extensive history of compromised servers (including those that
relay mail) than of compromises to the long-haul network, where
the latter is involved, I'm aware of only two alternatives:

	(i) Encryption of content on what the email community
	often describes as an end-to-end basis.
	
	(ii) More or less explicitly trusting every system
	involved in the transmission of the message.

In most cases, the second alternative should be treated with
derision.

As with packet headers at lower levels in the system, the above
does nothing to protect against those whose interest is in the
information about where traffic is originated and where it is
bound.

    john
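
Added example (not code from the thread, the IETF, or either author): a small
store-and-forward simulation of the two alternatives John lists. Hostnames and
addresses are made up, and the cipher is a SHA-256 counter-mode toy so the script
runs on the Python standard library alone; it stands in for TLS on each link and
for OpenPGP/S-MIME on the message, nothing more. The point it makes concrete is
the one in the post: a compromised relay in the hop-by-hop case reads the whole
message, in the end-to-end case it reads only ciphertext, and in both cases it
still sees who the message is from and who it is for.

```python
import hashlib
import os
from typing import Optional

# Hypothetical hosts for the example: the sender's MUA, the sender's submission
# server, an intermediate relay, and the recipient's MX (all constructed names).
SENDER = "alice@example.org"
RECIPIENT = "bob@example.com"
HOPS = ["mua.example.org", "smtp.example.org", "mx.example.net", "mx.example.com"]
COMPROMISED_RELAY = "mx.example.net"


def keystream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256 (illustration only:
    no authentication, not a substitute for AES-GCM, OpenPGP or S/MIME).
    Because it XORs a keystream, the same call encrypts and decrypts."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt under `key` with a fresh random nonce prepended."""
    nonce = os.urandom(16)
    return nonce + keystream_cipher(key, nonce, data)


def open_(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal()."""
    return keystream_cipher(key, blob[:16], blob[16:])


def make_link_keys() -> dict:
    """One key per adjacent pair of hosts, shared only by those two hosts
    (the role a per-hop TLS session plays in real SMTP)."""
    return {(a, b): os.urandom(32) for a, b in zip(HOPS, HOPS[1:])}


def run_chain(body: bytes, link_keys: dict, e2e_key: Optional[bytes] = None):
    """Carry `body` from HOPS[0] to HOPS[-1] one link at a time.

    Every link is protected with its own link key (alternative (ii): you rely
    on each relay being honest).  If `e2e_key` is given, the body is first
    encrypted under a key only the final recipient holds (alternative (i)).
    Returns the delivered body and, for each receiving host, what that host
    could read once it had removed its incoming link layer."""
    observed = {}
    payload = seal(e2e_key, body) if e2e_key else body
    for a, b in zip(HOPS, HOPS[1:]):
        wire = seal(link_keys[(a, b)], payload)   # what a tap on the a->b link sees
        payload = open_(link_keys[(a, b)], wire)  # b strips the link layer and stores it
        # Every hop must read the envelope to route the message, so the
        # addresses are visible to all of them regardless of mode.
        observed[b] = {"mail_from": SENDER, "rcpt_to": RECIPIENT, "body": payload}
    delivered = open_(e2e_key, payload) if e2e_key else payload
    return delivered, observed


def compare_modes(body: bytes) -> dict:
    """Run the same message both ways and report what the compromised relay
    learns in each case."""
    link_keys = make_link_keys()
    delivered_hbh, seen_hbh = run_chain(body, link_keys)
    delivered_e2e, seen_e2e = run_chain(body, link_keys, e2e_key=os.urandom(32))
    result = {}
    for mode, delivered, seen in (("hop_by_hop", delivered_hbh, seen_hbh),
                                  ("end_to_end", delivered_e2e, seen_e2e)):
        view = seen[COMPROMISED_RELAY]
        result[mode] = {
            "delivered_ok": delivered == body,
            "relay_reads_body": view["body"] == body,
            "relay_sees_envelope": (view["mail_from"], view["rcpt_to"]),
        }
    return result


if __name__ == "__main__":
    for mode, facts in compare_modes(b"The quarterly numbers are attached.").items():
        print(mode, facts)
```

Running it shows `relay_reads_body` True for hop-by-hop and False for end-to-end,
while `relay_sees_envelope` is the same sender/recipient pair in both modes, which
is the residual exposure the last paragraph of the post describes.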
