Ed Gerck wrote:
List,
I would like to address and request comments on the use of SSL/TLS and
port 587 for email security.
The often expressed idea that SSL/TLS and port 587 are somehow able to
prevent warrantless wiretapping and so on, or protect any private
communications, is IMO simply
Ed Gerck wrote, On 23/1/08 7:38 AM:
The often expressed idea that SSL/TLS and port 587 are somehow able to prevent
warrantless wiretapping and so on, or protect any private communications, is
IMO simply
not supported by facts.
I would like to see some facts to support the assertion
* Ed Gerck:
The often expressed idea that SSL/TLS and port 587 are somehow able
to prevent warrantless wiretapping and so on, or protect any private
communications, is IMO simply not supported by facts.
Huh? Have you got a source for that? This is he first time I've
heard of such claims
At 10:38 AM -0800 1/22/08, Ed Gerck wrote:
The often expressed idea that SSL/TLS and port 587 are somehow able
to prevent warrantless wiretapping and so on, or protect any private
communications, is IMO simply not supported by facts.
Can you point to some sources of this often expressed idea
On 22 January 2008 18:38, Ed Gerck wrote:
It is misleading to claim that port 587 solves the security problem of
email eavesdropping, and gives people a false sense of security. It is
worse than using a 56-bit DES key -- the email is in plaintext where it is
most vulnerable.
Well, yes:
Bodo Moeller wrote:
You don't take into account the many users these days who use wireless
Internet access from their laptop computers, typically essentially
broadcasting all network data to whoever is sufficiently close and
sufficiently nosy.
Yes. Caveats apply but SSL/TLS is useful and
On Tue, 22 Jan 2008 21:49:32 -0800
Ed Gerck [EMAIL PROTECTED] wrote:
As I commented in the
second paragraph, an attack at the ISP (where SSL/TLS is
of no help) has been the dominant threat -- and that is
why one of the main problems is called warrantless
wiretapping. Further, because US law
At 9:49 PM -0800 1/22/08, Ed Gerck wrote:
Can you point to some sources of this often expressed idea? It
seems like a pretty flimsy straw man.
It is common with those who think that the threat model is
traversing the public Internet.
I'll take that as a no.
For examples on claiming that
Steven M. Bellovin wrote:
On Tue, 22 Jan 2008 21:49:32 -0800
Ed Gerck [EMAIL PROTECTED] wrote:
As I commented in the
second paragraph, an attack at the ISP (where SSL/TLS is
of no help) has been the dominant threat -- and that is
why one of the main problems is called warrantless
wiretapping.
On Wed, 23 Jan 2008 08:10:01 -0800
Ed Gerck [EMAIL PROTECTED] wrote:
Steven M. Bellovin wrote:
On Tue, 22 Jan 2008 21:49:32 -0800
Ed Gerck [EMAIL PROTECTED] wrote:
As I commented in the
second paragraph, an attack at the ISP (where SSL/TLS is
of no help) has been the dominant threat
to do with warrants.
First, there is no confusion here; I was simply addressing both
issues as in my original question to the list:
The often expressed idea that SSL/TLS and port 587 are
somehow able to prevent warrantless wiretapping and so on, or
protect any private communications, is IMO
On Tue, Jan 22, 2008 at 10:38:24AM -0800, Ed Gerck wrote:
List,
I would like to address and request comments on the use of SSL/TLS and port
587 for email security.
The often expressed idea that SSL/TLS and port 587 are somehow able to
prevent warrantless wiretapping and so
List,
I would like to address and request comments on the use of SSL/TLS and port 587
for email security.
The often expressed idea that SSL/TLS and port 587 are somehow able to prevent
warrantless wiretapping and so on, or protect any private communications, is
IMO simply not supported
13 matches
Mail list logo
