Automatic e-mail encryption

Peter Lebbing peter at digitalbrains.com
Mon Jul 21 18:23:51 CEST 2014


On 21/07/14 15:32, Mark H. Wood wrote:
> Please remind me why we need an alternative to TLS.

Well, I actually meant X.509 and the CA system, which is what is currently
abundantly used in SSL and TLS. If you plug in a different form of
authentication, I think the rest is okay.

> I treat hop-by-hop encryption, not as an alternative to end-to-end,
> but as defense in depth.

Yes. I already explained why I think there is little difference when the mails
are stored unencrypted on a mailbox server. If you only decrypt to local
storage, then I agree.

By the way, regarding DANE as an alternative to the CA system: I think a proper
implementation of authentication through DNS could well be way better than the
CA system: at least you can only be screwed by people having access to signing
keys for the root and the TLD, instead of anyone with access to a CA certificate.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
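
An added example, not part of the original message and not taken from any DANE implementation: a minimal check of a server certificate against DANE-EE (usage 3) TLSA records, showing that trust rests on the DNSSEC-signed answer rather than on any CA. The function names are hypothetical, the DNSSEC validation result is assumed to come from a validating resolver, and the byte strings are constructed stand-ins for real DER data.

```python
import hashlib
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 3 = DANE-EE: the record pins the server's own cert or key
    selector: int  # 0 = full certificate DER, 1 = SubjectPublicKeyInfo DER
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def parse_tlsa(rdata: str) -> TLSA:
    """Parse TLSA presentation format: 'usage selector mtype hex...'."""
    usage, selector, mtype, *hex_parts = rdata.split()
    return TLSA(int(usage), int(selector), int(mtype),
                bytes.fromhex("".join(hex_parts)))

def digest_for(mtype: int, blob: bytes) -> bytes:
    if mtype == 0:
        return blob
    if mtype == 1:
        return hashlib.sha256(blob).digest()
    if mtype == 2:
        return hashlib.sha512(blob).digest()
    raise ValueError(f"unknown TLSA matching type {mtype}")

def dane_ee_authenticated(rrset, dnssec_validated, cert_der, spki_der):
    """True only if a DNSSEC-validated DANE-EE record matches the server."""
    if not dnssec_validated:
        # Unsigned TLSA data could be forged by anyone on the path: ignore it.
        return False
    for rdata in rrset:
        try:
            rec = parse_tlsa(rdata)
            if rec.usage != 3 or rec.selector not in (0, 1):
                continue  # other usages need chain building, not shown here
            blob = cert_der if rec.selector == 0 else spki_der
            if digest_for(rec.mtype, blob) == rec.data:
                return True
        except ValueError:
            continue  # malformed or unusable record, try the next one
    return False

# Constructed stand-ins for the DER bytes a TLS client would see.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-public-key-der"
RRSET = ["3 1 1 " + hashlib.sha256(SPKI).hexdigest(),
         "3 0 2 " + hashlib.sha512(CERT).hexdigest()]

if __name__ == "__main__":
    print(dane_ee_authenticated(RRSET, True, CERT, SPKI))
    print(dane_ee_authenticated(RRSET, False, CERT, SPKI))
```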


