Hiya, On 10/15/2013 12:18 PM, Yoav Nir wrote: > But with anon-DH you're not making those large populations less > subject to pervasive monitoring. You've only made it a bit more > difficult, and not in a way that is significant to the adversaries > we're talking about. > > You would get them better security if they were doing TLS with mutual > authentication, but that requires a lot of infrastructure, and you > would hesitate to mandate that even if IMAP was a new protocol. You > added "perhaps with anon DH" because you know what response you would > get if you had said instead "with mutual authentication and PFS".
In this case, it appears (but we don't know) that the monitoring was done at a lower layer and a mitm would arguably be more expensive and more detectable, so even anon DH might help enough to get Yoav's inbox off the list of those 500,000 getting snarfed each day. But, that's really discussing the IMAP-specific "how to mitigate" and the more interesting question I think is whether we should regard this report as an existence proof of a protocol design failure that's had the spotlight shined on it a decade after 3501 was published, or as a mere case of deployments that didn't do the right thing. S. _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass