On 21/07/14 15:32, Mark H. Wood wrote:
> Please remind me why we need an alternative to TLS.

Well, I actually meant X.509 and the CA system, which is what is currently abundantly used in SSL and TLS. If you plug in a different form of authentication, I think the rest is okay.

> I treat hop-by-hop encryption, not as an alternative to end-to-end,
> but as defense in depth.

Yes. I already explained why I think there is little difference when the mails are stored unencrypted on a mailbox server. If you only decrypt to local storage, then I agree.

By the way, regarding DANE as an alternative to the CA system: I think a proper implementation of authentication through DNS could well be way better than the CA system: at least you can only be screwed by people having access to signing keys for the root and the TLD, instead of anyone with access to a CA certificate.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users