[Freedombox-discuss] DNS std for Freedomboxes? [was Re: Establishing Communication between Freedomboxes]

nathan nolast nathan1465 at gmail.com
Wed Aug 3 14:27:10 UTC 2011


A nice point to why we should have protocols that are secure by design, and
are developed to protect privacy from the get-go.

A user connecting to the network with unsecure settings, that is using
unsecure protocols and encryption methods that are easily cracked, is a
security risk, and shouldn't be welcome on the network. They pose a risk
of being an intermediary node transferring data between the Egyptian user
attempting to relay information from a repressive government which could
help with identifying a source.

This is one of those areas where enforcement is a must.

On Wed, Aug 3, 2011 at 3:47 AM, <bertagaz at ptitcanardnoir.org> wrote:

> On Wed, Aug 03, 2011 at 11:37:58AM +0800, Sandy Harris wrote:
> > On Wed, Jul 20, 2011 at 2:53 AM, Tony Godshall <togo at of.net> wrote:
> >
> > > Any downside to letting your adversary know what domains you are
> > > emailing to?  Well, the mice probably don't want the octopus to know that
> > > they are emailing via @octopusnotsogreat.org?  But then again SMTP
> > > itself is not encrypted either...
> >
> > There is an opportunistic SSL-based encryption option for SMTP.
> > http://tools.ietf.org/html/rfc3207
>
> Sure, but as always with SSL, this is completely efficient only if you are
> able to first verify the certificate... This is still better than nothing
> but isn't a complete protection.
>
> AFAIK a monkeysphere implementation for SMTP is being worked on. This
> won't completely address the issue but will certainly help.
>
> > Any two servers with that set up will automatically encrypt all mail
> > transfers. If the Box runs a mail server, I'd say enabling that is a
> > no-brainer.
> >
> > The only question is whether, when the other server does not support
> > it, the Box should proceed with unencrypted transfer, or bounce the
> > mail back to the user with some "cannot send securely" message,
> > or try some alternate routing method.
> >
> > There's also "Using TLS with IMAP, POP3 and ACAP"
> > http://tools.ietf.org/html/rfc2595
> >
> > That covers the client-to-server transfer of mail. If the Box runs a
> > mail server, that's another obvious requirement.



-- 
Thank you for your time
~Nathan
nathan1465 at gmail.com
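
The choice discussed in this thread (send in the clear when the peer lacks STARTTLS, or bounce) combined with the certificate-verification caveat, as an added example that is not part of the original messages or of any FreedomBox code. The names deliver, InsecureDelivery and the two policy strings are hypothetical; conn is assumed to be a connected smtplib.SMTP object.

```python
import smtplib
import ssl


class InsecureDelivery(Exception):
    """Raised so the caller can bounce instead of sending unprotected mail."""


def deliver(conn, sender, rcpt, message, policy="enforce"):
    """Send one message over a connected smtplib.SMTP-style object.

    enforce:       STARTTLS with a verified certificate, otherwise bounce.
    opportunistic: encrypt if offered (certificate not checked), else plaintext.
    Returns "tls-verified", "tls-unverified" or "plaintext".
    """
    if policy not in ("enforce", "opportunistic"):
        raise ValueError("unknown policy: %r" % policy)
    ctx = ssl.create_default_context()  # checks chain and hostname
    if policy == "opportunistic":
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # protects against passive sniffing only
    conn.ehlo()
    if conn.has_extn("starttls"):
        try:
            conn.starttls(context=ctx)
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            # A failed handshake is never retried in the clear.
            raise InsecureDelivery("TLS setup failed: %s" % exc) from exc
        conn.ehlo()  # RFC 3207: discard pre-TLS capabilities and ask again
        mode = "tls-verified" if policy == "enforce" else "tls-unverified"
    elif policy == "enforce":
        raise InsecureDelivery("peer does not offer STARTTLS")
    else:
        mode = "plaintext"
    conn.sendmail(sender, [rcpt], message)
    return mode
```

The returned mode can be logged per message, so an operator can see how much mail still leaves the box unencrypted or unauthenticated.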