Fwd: It's time for PGP to die.
Mark H. Wood
mwood at IUPUI.Edu
Mon Aug 18 18:24:43 CEST 2014
On Mon, Aug 18, 2014 at 08:15:49AM -0600, Aaron Toponce wrote:
> On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote:
> > Perhaps it would be a start if sites providing SMTP would turn on
> > STARTTLS.
>
> STARTTLS does not encrypt mail. It only provides safe passage over the network.
Sure, it does encrypt mail. My SMTP has mail from me to deliver. It
contacts an SMTP that it thinks can get the mail closer to its
addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they
handshake, and the rest of the session, including MAIL FROM, RCPT TO,
and my mailgram following the DATA, is encrypted over the wire.
> It is also client/server encrypted and decrypted. Thus, an administrator with
> root at an SMTP server can view the mail once the mail transfer is decrypted.
As is often said here, "what's your threat model?" Keeping
nonprivileged people out of the transaction is worthwhile, if I am
worried about mail being spied on in transit. STARTTLS greatly
reduces the number of parties who could just read email metadata if
they have access to the wire.
Sysadmin.s take a risk if they are prying into the mail spool -- they
could be discovered. Governments, too, may judge that the cost of
exposure of such activity is worth more than the advantage of doing
it.
But I wouldn't depend solely on STARTTLS for securing email any more
than I am satisfied to depend solely on encrypting the message body
with OpenPGP or similar means. I believe in making the bad guys take
as much time, create as much mess, and make as much noise as I can
compel. It costs almost nothing to make as much trouble as possible
for snoopers, and it's interesting work, so why not do it?
> Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as
> Google, Yahoo, and Microsoft.
You mean those webmail thingies that I never use? There's so much we
don't know about their security practices that I wasn't even thinking
about such services. My remark was focused on the scenario above:
there is a local MUA, a local MTA and a remote MTA.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: </pipermail/attachments/20140818/69afcfd0/attachment.sig>
More information about the Gnupg-users
mailing list