[Nottingham] Email downgrade attacks?

Jason Irwin jasonirwin73 at gmail.com
Thu Nov 13 08:58:35 UTC 2014


On 12/11/14 20:28, Martin wrote:
> But then again, that is a rather dubious 'workaround' to intercept
> email spam and malware... And everything else... Except I don't think
> it should be done that way!
I guess the simple thought is that people don't run email servers from
home and for 99.99% of people that's true.
In fact, ISPs like Verizon don't want you running services from home.
Period. Hence why upload speeds suck.
VirginMedia...I'm looking at you. You 3mbps sods.
A&A looks better every day, so does moving to near the M6 and signing up
to b4rn!

> This is looking like we cannot have any trust with any part of any
> internet route. :-(
> Long gone are the days of sysadmins taking pride in trust and of being
> held in high esteem?...
I think that's actually part of the problem. Back in the day when
everyone knew everyone else, trust was easy. It was personal. The legacy
tools (i.e. everything we use!) are based on that personal and
professional trust. If someone was looking at your packets/mail headers,
it was only to figure out what was going wrong somewhere. Sending in the
clear was no big, people wouldn't poisons DNS because...well...why? What
would be the point?
It's no longer that way. Now they look at your packets to inject
tracking cookies. Or worse.
If the origins had been "I can only trust myself and the intended
recipient, every hop is hostile" then we might have a different set of
tooling.
We'd also have no (or a very much smaller) Internet as ease of use and
security are not happy bedfellows.
Take GPG/PGP. Simple enough to use, utter PITA to set-up.

Even the "darkweb" doesn't really solve the trust problem, it just hides
you from one set of prying eyes. And if Europol is to believed, it's not
very good at that.

/waffle

-- 
╔═════════════╦══════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║             ║ Import from hkp://pgp.mit.edu            ║
╚═════════════╩══════════════════════════════════════════╝



More information about the Nottingham mailing list