[165544] in North American Network Operators' Group


RE: The US government has betrayed the Internet. We need to take it

daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat Sep 7 20:39:17 2013

Date: Sat, 07 Sep 2013 18:38:48 -0600
In-Reply-To: <522A2C03.5040608@mtcc.com>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


Sure it does.  

You have confidentiality between the parties who are speaking together
against third-parties merely passively intercepting the communication.

Authentication and Confidentiality are two completely separate things and
can be (and are) implemented separately.

The only Authentication which would be of any value to me is if the
certificate was issued by me to the other party.  Otherwise, one must assume
that the certificate is fake for the purposes of authentication (i.e., has no
more value than a self-signed certificate).

> -----Original Message-----
> From: Michael Thomas [mailto:mike@mtcc.com]
> Sent: Friday, 6 September, 2013 13:25
> To: Eugen Leitl
> Cc: nanog@nanog.org
> Subject: Re: The US government has betrayed the Internet. We need to take it back
> 
> On 09/06/2013 12:14 PM, Eugen Leitl wrote:
> > On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote:
> >> On 09/06/2013 11:19 AM, Nicolai wrote:
> >>> That's true -- it is far easier to subvert email than most other
> >>> services, and in the case of email we probably need a wholly new
> >>> protocol.
> >>>
> >> Uh, a first step might be to just turn on [START]TLS. We're not using the
> >> tools that have been implemented and deployed for a decade at least.
> 
> Of course:
> > Received: from sc1.nanog.org (sc1.nanog.org [50.31.151.68])
> >          (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> >          (Client did not present a certificate)
> 
> doesn't instill a lot of confidence :) It's better than nothing though.
> 
> Mike
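
The distinction drawn in this message, as an added example that is not part of the original post: a Python classifier over Postfix-style `Received:` TLS annotations like the one quoted above, reporting confidentiality and authentication as separate properties. The `classify` function, its labels, the `example.*` hosts and the CA names are assumptions made for illustration; only the first sample header comes from the thread.

```python
import re

# "(using <proto> with cipher <name> (<used>/<max> bits))" as in the quoted header.
TLS_RE = re.compile(r"\(using (?P<proto>\S+) with cipher (?P<cipher>\S+)\s+"
                    r"\((?P<bits>\d+)/\d+ bits\)\)")
# Postfix-style note written when the client did present a certificate.
CERT_RE = re.compile(r'\(Client CN "(?P<cn>[^"]*)", Issuer "(?P<issuer>[^"]*)" '
                     r'\((?P<status>verified OK|not verified)\)\)')

def classify(received, own_issuers=()):
    """Return (confidentiality, authentication) for one Received: header."""
    text = " ".join(received.split())          # unfold continuation lines
    tls = TLS_RE.search(text)
    if tls is None:
        return ("none", "none")                # plaintext hop
    conf = f"{tls['proto']}/{tls['bits']}-bit"
    cert = CERT_RE.search(text)
    if cert is None:
        return (conf, "none")                  # encrypted, peer anonymous
    if cert["status"] != "verified OK":
        return (conf, "unverified")            # no better than self-signed
    # The receiving MTA validated the chain; who issued it is a separate question.
    return (conf, "own-ca" if cert["issuer"] in own_issuers else "third-party-ca")

# First header is the one quoted in the thread; the rest are constructed samples.
QUOTED = """from sc1.nanog.org (sc1.nanog.org [50.31.151.68])
         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
 (256/256 bits))
         (Client did not present a certificate)"""
PLAIN = "from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net"
TLS12 = "(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))"
OWN = (f'from a.example.org (a.example.org [192.0.2.11]) {TLS12} '
       '(Client CN "a.example.org", Issuer "Example Private CA" (verified OK))')
PUBLIC = OWN.replace("Example Private CA", "Example Public CA")
UNVERIFIED = OWN.replace("verified OK", "not verified")

if __name__ == "__main__":
    mine = {"Example Private CA"}              # assumption: the CA we run ourselves
    for name, hdr in [("quoted", QUOTED), ("plain", PLAIN), ("own", OWN),
                      ("public", PUBLIC), ("unverified", UNVERIFIED)]:
        print(f"{name:11s}", classify(hdr, mine))
```

The issuer string in a `Received:` header is only what the receiving MTA recorded, so this is a reporting aid for mail you received yourself, not a substitute for validating the peer certificate at connection time.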





