Sure it does.

You have confidentiality between the parties who are speaking together against 
third-parties merely passively intercepting the communication.

Authentication and Confidentiality are two completely separate things and can 
be (and are) implemented separately.

The only Authentication which would be of any value to me is if the 
certificate was issued by me to the other party.  Otherwise, one must assume 
that the certificate is fake for the purposes of authentication (i.e., has no 
more value than a self-signed certificate).

> -----Original Message-----
> From: Michael Thomas [mailto:m...@mtcc.com]
> Sent: Friday, 6 September, 2013 13:25
> To: Eugen Leitl
> Cc: nanog@nanog.org
> Subject: Re: The US government has betrayed the Internet. We need to
> take it back
>
> On 09/06/2013 12:14 PM, Eugen Leitl wrote:
> > On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote:
> >> On 09/06/2013 11:19 AM, Nicolai wrote:
> >>> That's true -- it is far easier to subvert email than most other
> >>> services, and in the case of email we probably need a wholly new
> >>> protocol.
> >>>
> >> Uh, a first step might be to just turn on [START]TLS. We're not using the
> >> tools that have been implemented and deployed for a decade at least.
>
> Of course:
> > Received: from sc1.nanog.org (sc1.nanog.org [50.31.151.68])
> >          (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> >          (Client did not present a certificate)
>
> doesn't instill a lot of confidence :) It's better than nothing though.
>
> Mike
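
An added example, not part of the original message: a small Python audit that reads Postfix-style `Received:` headers like the one quoted above and reports encryption and client-certificate status as two separate properties per hop. The function names are hypothetical, and only the first sample header comes from the thread; the other two are constructed.

```python
import re
from email import message_from_string

# Postfix-style annotations, in the form shown in the quoted header.
TLS_RE = re.compile(r"\(using (?P<proto>\S+) with cipher (?P<cipher>\S+) "
                    r"\((?P<used>\d+)/(?P<avail>\d+) bits\)")
CERT_RE = re.compile(r'\(Client CN "(?P<cn>[^"]*)", Issuer "(?P<issuer>[^"]*)" '
                     r"\((?P<status>verified OK|not verified)\)\)")

def classify_hop(received):
    """Report encryption and peer authentication as separate properties."""
    text = " ".join(received.split())  # unfold continuation lines
    tls, cert = TLS_RE.search(text), CERT_RE.search(text)
    hop = {"encrypted": bool(tls), "protocol": None, "cipher": None,
           "client_cert": "none", "client_cn": None}
    if tls:
        hop["protocol"], hop["cipher"] = tls["proto"], tls["cipher"]
    if cert:
        ok = cert["status"] == "verified OK"
        hop["client_cert"] = "verified" if ok else "unverified"
        hop["client_cn"] = cert["cn"]
    return hop

def audit(raw_message):
    """Classify every Received: hop of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    return [classify_hop(h) for h in msg.get_all("Received", [])]

# First header is the one quoted in the thread; the other two are constructed.
SAMPLE = """\
Received: from sc1.nanog.org (sc1.nanog.org [50.31.151.68])
         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
         (Client did not present a certificate)
Received: from relay.example.net (relay.example.net [192.0.2.10])
         by mx.example.org (Postfix) with ESMTP id 1111111111
Received: from partner.example.com (partner.example.com [192.0.2.20])
         (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
         (Client CN "partner.example.com", Issuer "Example Private CA" (verified OK))

constructed body
"""

if __name__ == "__main__":
    for hop in audit(SAMPLE):
        print(hop)
```

A hop reported as `verified` only means the chain validated against the CAs the receiving server is configured to trust, so whether that counts as authentication depends on who controls that trust store.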




