added moar figure

sftcd · Jul 15, 2017 · ee15485 · ee15485
1 parent f5acc8d
commit ee15485
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -543,6 +543,23 @@ TLS list, the UTA working group are also developing MTA-STS to try improve that
 situation, so any argument that mail senders and receivers do not expect
 confidentiality is sadly outdated.
 
+<pre>
+
++-----------+  +--------------+      +----------+     +---------+  +-------------+
+|mail sender+--+Submit serveer+--+---+AV scanner+-----+Recip MTA+--+mail receiver|
++-----------+  +--------------+  |   +-----+----+     +---------+  +-------------+
+                                 |         |
+                                 |         |
+                                 |         |
+                  -----------------       ----------------
+                  | TLS decrypter |-------| key manager  |
+                  -----------------       ----------------
+
+                Figure: SMTP/TLS wiretapping setup using 
+    https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01
+
+</pre>
+
 1. As another example, consider (esp. vanity domain) web sites where 
 the domain holder doesn't have shell access to the 
 machine that hosts the web site. 
@@ -563,6 +580,27 @@ has millions of such users, as do many many other hosted
 sites where those communicating do not have access to 
 a shell or to the TLS server configuration.
 
+<pre>
+
++--------------+       +---------------+        +--------------+
+|blog commenter+---+---+Hosted Web Site|----+---+blog commenter|
++--------------+   |   +-------+-------+    |   +--------------+
+                   |           |            |
+                   |           |            |
+                   |    -------+--------    |
+                   |    | key manager  |    |
+                   |    ----------------    |
+                   |           |            |
+                   |           |            |
+                   |   --------+--------    |
+                   +---+ TLS decrypter +----+
+                       -----------------
+
+                Figure: Hosted web site wiretapping setup using 
+    https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01
+
+</pre>
+
 It does not matter that in these cases the third
 party (AV scanner or hoster) has access to the
 cleartext but does not supply that to the consumer