Re: Thunderbird and end-to-end email encryption – should this be a priority?
neandr at gmx.de
Mon Aug 31 15:38:48 UTC 2015
Can you / or someone else comment about the threat with pretty easy
privacy... the pEp (p≡p)? Think that's a promising technology ... and
those people seem to support TB also!
On 31.08.2015 15:06, Joshua Cranmer 🐧 wrote:
> On 8/30/2015 3:32 AM, Nomis101 wrote:
>> If we are talking about secure email, a question I long asked myself
>> is, why is Mozilla not finishing the implementation of DNSSEC/DANE?
>> There are only half-ready patches on Bugzilla. There are some email
>> servers supporting this already.
> <https://www.imperialviolet.org/2015/01/17/notdane.html> (written by a
> Chrome developer, but still more or less the same arguments apply).
> 1. DNSSEC uses 1024-bit RSA everywhere, where browsers/CAs are trying
> to rip that out.
> 2. DNSSEC still has some problems getting to clients in certain
> networks (primarily mobile ones is my understanding).
> 3. Given #2, requiring DANE records to validate SSL certificates is
> untenable to roll out. The other security gains from DANE are rather
> suspect--it's vulnerable to downgrade attack, pinning is already
> possible in HTTP, and DNS is rather poorly audited compared to most CAs.