[FoRK] Fwd: [IP] What It’s Like to Get a National-Security Letter

David Edmondson dme at dme.org
Mon Jul 1 07:23:10 PDT 2013


On Mon, Jul 01 2013, Eugen Leitl wrote:
> On Mon, Jul 01, 2013 at 12:40:31PM +1000, Noon Silk wrote:
>> interesting read.
>> 
>> last line is also nice:
>> 
>> ------------------------------------------------------------------------------------------------------------
>> 
>> *Do you encrypt all your own e-mail, as a result of this stuff?*
>> 
>> No, that’s really hard.
>
> No, it isn't. Encryption is easy, key management is hard.

Maybe that explains "not verified"?

>         (Client CN "xent.com", Issuer "xent.com" (not verified))

Sure the bits between you and xent.com were encrypted, but you don't
have assurance that they couldn't be trivially decrypted by someone at
xent.com, or someone who could mess with xent.com's DNS records, or ...

Then the messages are un-encrypted whilst at rest on the xent.com
disks. Then they are un-encrypted whilst at rest on the recipients
machine.

I'm in favour of what you've described, but it's not really that big a
deal.


More information about the FoRK mailing list