On Fri, Sep 06, 2013 at 01:04:48PM -0700, Michael Thomas wrote:
> I'd say we already have those things too in the form of PGP/SMIME. Who knows what the NSA can break, but it's just not right to say that we need new protocols. The means has been there for many years to secure email (fsvo 'secure'), it's just that it's not terribly convenient so we just don't for the most part.

The scuttlebutt is that anything SMTP is unfixable, so XMPP/OTR is gap-filler until really distributed systems with zero metadata (Tahoe LAFS & Co) come along.

In regards to Schneier's manifesto, it seems he's targeting noncorporate/nonaffiliated engineers, and there *has* been considerable activity in the woodworks in the past months. Most of the resulting countermeasures will be more for the network edge and end users, so not really operationally relevant for nanog.

Sorry to waste your time, but it was worth a try.