Automatic e-mail encryption

Peter Lebbing peter at
Mon Jul 21 18:23:51 CEST 2014

On 21/07/14 15:32, Mark H. Wood wrote:
> Please remind me why we need an alternative to TLS.

Well, I actually meant X.509 and the CA system, which is what is currently
abundantly used in SSL and TLS. If you plug in a different form of
authentication, I think the rest is okay.

> I treat hop-by-hop encryption, not as an alternative to end-to-end,
> but as defense in depth.

Yes. I already explained why I think there is little difference when the mails
are stored unencrypted on a mailbox server. If you only decrypt to local
storage, then I agree.

By the way, regarding DANE as an alternative to the CA system: I think a proper
implementation of authentication through DNS could well be way better than the
CA system: at least you can only be screwed by people having access to signing
keys for the root and the TLD, instead of anyone with access to a CA certificate.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list