Re: Thunderbird and end-to-end email encryption – should this be a priority?

neandr neandr at gmx.de
Mon Aug 31 15:38:48 UTC 2015


Can you / or someone else comment about the threat with pretty easy 
privacy... the pEp (p≡p)? Think that's a promising technology ... and 
those people seems to support TB also!

https://www.indiegogo.com/projects/pep-pretty-easy-privacy#/story

On 31.08.2015 15:06, Joshua Cranmer 🐧 wrote:
> On 8/30/2015 3:32 AM, Nomis101 wrote:
>> If we are talking about secure email, a question I long asked myselfe
>> is, why is mozilla not finishing the implementation of DNSSEC/DANE?
>> There are only half-ready patches on Bugzilla. There are some email
>> servers supporting this allready [1].
>
> <https://www.imperialviolet.org/2015/01/17/notdane.html> (written by a 
> Chrome developer, but still more or less the same arguments apply). 
> Basically:
> 1. DNSSEC uses 1024-bit RSA everywhere, where browsers/CAs are trying 
> to rip that out.
> 2. DNSSEC still has some problems getting to clients in certain 
> networks (primarily mobile ones is my understanding).
> 3. Given #2, requiring DANE records to validate SSL certificates is 
> untenable to roll out. The other security gains from DANE are rather 
> suspect--it's vulnerable to downgrade attack, pinning is already 
> possible in HTTP, and DNS is rather poorly audited compared to most CAs.
>




More information about the tb-planning mailing list