[165514] in North American Network Operators' Group
Re: The US government has betrayed the Internet. We need to take it
daemon@ATHENA.MIT.EDU (Nicolai)
Fri Sep 6 15:56:34 2013
Date: Fri, 6 Sep 2013 14:52:34 -0500
From: Nicolai <nicolai-nanog@chocolatine.org>
To: nanog@nanog.org
In-Reply-To: <522A271C.6070904@mtcc.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote:
> On 09/06/2013 11:19 AM, Nicolai wrote:
> >That's true -- it is far easier to subvert email than most other
> >services, and in the case of email we probably need a wholly new
> >protocol.
> >
>
> Uh, a first step might be to just turn on [START]TLS. We're not using the
> tools that have been implemented and deployed for a decade at least.
Agreed. Although some people are uncomfortable with OpenSSL's track record,
and don't want to trade system security for better-than-plaintext
network security.
But the deeper issue is coercing providers to give up mail stored on
private servers, bypassing the network altogether. TLS doesn't address
this problem. Short term: deploy [START]TLS. Long term: we need a new
email protocol with E2E encryption.
Nicolai
