[Cryptography] ISPs caught in STARTTLS downgrade attacks

grarpamp grarpamp at gmail.com
Thu Nov 13 19:38:11 PST 2014


On Thu, Nov 13, 2014 at 2:01 PM, Bear <bear at sonic.net> wrote:
> End-to-end email encryption solutions such as PGP do not
> protect crucial elements in the headers.

Failure!

> STARTTLS
> ... can only be run by the parties that run the mail
> servers.

Failure!

> Since most correspondents rely on mail servers operated
> by their ISPs

Failure!

> (and most ISPs block customer mail servers as
> non-negotiable policy in order to limit spam sending)

Failure!

> The plaintext of STARTTLS
> email is normally visible to the sender's ISP and receiver's
> ISP.

Failure!

> Unfortunately, the ISPs do not risk substantial losses from
> failures of STARTTLS

Failure!

> and can subvert or fail to implement it
> in ways not immediately visible to those who do.

Failure!

> Predictably
> some have therefore been subverting or failing to implement
> it.

Win! (For them and their cronies that is.)

Traditional mail providers love:
a) Money
b) Plaintext
c) Control

They have stakes in their own game, you are not a stakeholder,
thus they are not your friends.

In this world, your only friend is you. You need to thus:
a) Donate to account agnostic infrastructures that you use
b) Remain in control of all keying and encrypt everything
c) Use a P2P model, retain control, no more 'accounts', accounts
   are control and privacy failures individualized just for you

> I'm increasingly of the opinion that there is no protocol
> that can be derived from SMTP and compatible with it

The traditional email model as we know it is fucked. You CANNOT fix
'Email'. And anyone who claims they can is full of shit. The model
is broken. You have to throw it out and create a new messaging model.

> that
> can provide the practical privacy of a paper letter in a
> paper envelope.

No! There is no privacy there whatsoever.
1) All addressing/envelope info is recorded/imaged at the processing
facility, tracked, stored forever, and shared with adversaries.
2) Users are similarly imaged and linked via payments at drop off
and pick up.
3) It's not encrypted.
4) The user has to trust untrustworthy entities with 1, 2 and 3.

That is abject failure! To even bring it up as supposedly being
secure, even if only to compare models with grandma... is ludicrous.
The post is secure by fiat, and these days the word of fiat isn't
enough to buy the damn stamp. Even grandma will tell you that.

> Sigh.  One more round of "Internet Mail, Privacy Fail."

You cannot fix Email. Period.

The only real solution is messaging end user to end user over an
anonymous encrypted P2P network.

Here's a long thread on that you can read and start working towards:

The next gen P2P secure email solution
https://cpunks.org/pipermail/cypherpunks/2013-December/002638.html
...
https://cpunks.org/pipermail/cypherpunks/2014-July/004900.html


