[cryptography] The next gen P2P secure email solution
rysiek
rysiek at hackerspace.pl
Thu May 15 20:16:35 PDT 2014
Dnia czwartek, 15 maja 2014 20:26:27 grarpamp pisze:
> >> pesky to/from/subject/etc headers.
> >
> > Oh boy, here we go.
> > Those are hidden by use of TLS.
>
> Have you not been following the weaknesses intrinsic
> to SMTP discussions?
> Yes, they are hidden in TLS transport on the wire.
> No, they are not hidden in core or on disk at
> the intermediate and final message transport
> nodes. That's bad.
And I don't think they're hidden in any meaningful way on the server-to-server
wire. As in: whose mailserver validates TLS of the destination server?
That's actually an interesting research question. This goes for other semi-
decentralised, client-server services like XMPP for instance.
And even if they do validate it, thinking that NSA et al do not have root
certs allowing them to MITM the communication as they wish is naivety.
--
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140516/ee462c44/attachment-0002.sig>
More information about the cypherpunks
mailing list