On 11/27/13, 10:01 PM, Jeffrey Walton wrote:
>>> The problem with DANE is the lack of DNSSEC. If we had both [...]
>> When I refer to DANE, I also mean that DNSSEC must be there. We're
>> getting there.
> Isn't the key distribution problem being pushed into DNS? The
> underlying problem still exists.

To fix massive interception, that's passive, we do not need "authenticated encryption".

We just need to have a widely used and diffused "opportunistic encryption" with unauthenticated TLS on SMTP-to-SMTP communications.

Authenticating keys with DNSSEC/DANE or TOFU is imho a nice "additional feature", but it's not required to fix the massive interception, that's passive.

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org