Re: [perpass] Crypto scorecard released by EFF
ned+perpass@mrochek.com Thu, 21 November 2013 22:48 UTC
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B15A41AE3CF for <perpass@ietfa.amsl.com>; Thu, 21 Nov 2013 14:48:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.427
X-Spam-Level:
X-Spam-Status: No, score=-2.427 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.525, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nmur2jm0O9O2 for <perpass@ietfa.amsl.com>; Thu, 21 Nov 2013 14:48:07 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id F21811AE3CE for <perpass@ietf.org>; Thu, 21 Nov 2013 14:48:06 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P11W3QK7GG0017RZ@mauve.mrochek.com> for perpass@ietf.org; Thu, 21 Nov 2013 14:42:55 -0800 (PST)
MIME-version: 1.0
Content-type: text/plain; charset="windows-1252"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P0USA6030W00004G@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Thu, 21 Nov 2013 14:42:50 -0800 (PST)
From: ned+perpass@mrochek.com
Message-id: <01P11W3OG7H400004G@mauve.mrochek.com>
Date: Thu, 21 Nov 2013 14:32:41 -0800
In-reply-to: "Your message dated Thu, 21 Nov 2013 14:57:31 -0500" <CAL02cgSdzv3gTse1qYU8as8yqvPu+u_OWDMkLZtHLBKAQ+2N4w@mail.gmail.com>
References: <F5063677821E3B4F81ACFB7905573F2406540952D1@MX15A.corp.emc.com> <FA578C16-7BF6-456C-8998-CC977C860DE9@cisco.com> <F5063677821E3B4F81ACFB7905573F2406540952D6@MX15A.corp.emc.com> <CAL02cgSdzv3gTse1qYU8as8yqvPu+u_OWDMkLZtHLBKAQ+2N4w@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: "perpass@ietf.org" <perpass@ietf.org>, "Moriarty, Kathleen" <kathleen.moriarty@emc.com>, "Fred Baker (fred)" <fred@cisco.com>
Subject: Re: [perpass] Crypto scorecard released by EFF
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2013 22:48:09 -0000
> The link: > https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what#crypto-chart Too bad the creators of this survey had no idea what they were doing when it comes to email. For one thing web access != webmail != IMAP/POP/SUBMIT, and it is a known fact that several of these vendors, e.g., Yahoo, require SSL/TLS for some of these and don't allow it at all for others. (This was one of the big holes the NSA exploited, so yeah, it matters.) And for another, STARTTLS as presently specified is *not* an opportunistic encryption facility. And there are significant operational problems with using it that way. I've already discussed why this is so elswhere so I won't bother to repeat the details here. Ned
- [perpass] Crypto scorecard released by EFF Moriarty, Kathleen
- Re: [perpass] Crypto scorecard released by EFF Fred Baker (fred)
- Re: [perpass] Crypto scorecard released by EFF Moriarty, Kathleen
- Re: [perpass] Crypto scorecard released by EFF Ted Lemon
- Re: [perpass] Crypto scorecard released by EFF Richard Barnes
- Re: [perpass] Crypto scorecard released by EFF ned+perpass
- Re: [perpass] Crypto scorecard released by EFF SM