[cap-talk] End to end encryption (was: network level ...)

[David Wagner]

In article <7.0.1.0.0.20060621105710.08fcb560 at nersc.gov> you write:
>Isn't one issue in dealing with IPsec that it needs to be available
>in the systems at both ends of any communication?

Yes.

>Is that a safe assumption these days?

Absolutely not.  Not even close.

That's why applications that want security typically use
application-layer crypto, like SSL.  And that's probably a good
solution.

>Why not try to get encrypted
>transport for email data as default and deal with the lack of such
>encrypted transport (for now just by accepting unencrypted service)?

It's a good idea.  The problem is that many SMTP servers don't make
it easy enough for administrators to enable encryption.  Have you ever
tried to enable STARTTLS in sendmail?  Have fun.  It's an hour or two
of gobbledygook.  It ought to be trivial, "flick this switch" -- and
the switch out to be set to "encrypt whenever possible" by default, so
no special action is needed from the user.  But many MTAs haven't paid
much attention to that usability side of things.

>>If the admin turned off IPsec then the socket requiring security
>>should fail to setup.
>
>Good points.  I wonder if the cap-talk list is an appropriate
>one for such discussions?  This thread started with the topic
>of protecting capabilities.  The topic of end-to-end encryption
>tied in regarding protecting capabilities on the wire (air).
>While end-to-end encryption is useful for such protection,
>it seems to me end-to-end encryption is a much broader
>topic.  Perhaps there's another list where that topic could be
>more appropriately discussed?

Perry Metzger's cryptography mailing list is probably the best place
for discussions of end-to-end encryption.