nanog mailing list archives

RE: The US government has betrayed the Internet. We need to take it back


From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Sat, 07 Sep 2013 18:38:48 -0600


Sure it does.

You have confidentiality between the parties who are speaking together against third-parties merely passively 
intercepting the communication.

Authentication and Confidentiality are two completely separate things and can be (and are) implemented separately.

The only Authentication which would be of any value to me is if the certificate was issued by me to the other party.  
Otherwise, one must assume that the certificate is fake for the purposes of authentication (i.e., has no more value than 
a self-signed certificate).

-----Original Message-----
From: Michael Thomas [mailto:mike () mtcc com]
Sent: Friday, 6 September, 2013 13:25
To: Eugen Leitl
Cc: nanog () nanog org
Subject: Re: The US government has betrayed the Internet. We need to take it back

On 09/06/2013 12:14 PM, Eugen Leitl wrote:
On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote:
On 09/06/2013 11:19 AM, Nicolai wrote:
That's true -- it is far easier to subvert email than most other
services, and in the case of email we probably need a wholly new
protocol.

Uh, a first step might be to just turn on [START]TLS. We're not using the
tools that have been implemented and deployed for a decade at least.

Of course:
Received: from sc1.nanog.org (sc1.nanog.org [50.31.151.68])
         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
         (Client did not present a certificate)

doesn't instill a lot of confidence :) It's better than nothing though.

Mike





