No - it means you might want to consider a system that guarantees end-to-end encryption - not just "first link, then maybe if it feels like it"Dave Howe wrote: > TLS for SMTP is a nice, efficient way to encrypt the channel. > However, it offers little or no assurance that your mail will > *stay* encrypted all the way to the recipients. That's correct. But, the goal is not to secure email to the extent that there is no risk, that's impossible, and arguing that the existence of a weakness means you shouldn't do it just means that we should never use crypto at all.
That doesn't mean TLS is worthless - on the contrary, it adds an additional layer of both user authentication and session encryption that are both beneficial - but that *relying* on it to protect your messages is overoptimistic at best, dangerous at worst.
In limited circumstances it could well be enough - say, if your mailserver *is* yours, and hands off directly to the recipient's mail server which you know is accessed by either ssl-secured pop3, https, or some other secure access method (or unencrypted, but via a local lan link of course) - but for the majority of users this isn't going to be possible; more and more ISPs frown on even their business customers using direct outbound SMTP, and few sites are willing or able to accept mail using the alternate port for TLS.
You should do it - but you shouldn't expect it to do any good; in the long term, pushing for TLS support from your ISP, giving them grief (within limits of course) to ensure opportunistic TLS outbound, and so forth, will increase the security of the system as a whole. but at the moment reliance is a step too far.The goal is to make it more difficult, within a tight budget. Using TLS for SMTP is free. Why not do it?
Many ISPs accept TLS inbound, but don't specify it outbound. there is no value to them in doing so - its transparent to the user either way, adds additional load to the local server, and the occasions they get asked about it are so rare they can safely ignore it.a) Once a bunch of people send mail via TLS/SMTP, the ISP is incentivised to look at onward forwarding it that way.
Certainly possible - but of course that implies using SSL during the collection too.....b) It may be that your local threat is the biggest, if for example you are using 802.11b to send your mail. The threat of listening from the ISP onwards is relatively small compared to what goes on closer to the end nodes.
Indeed so, yes. however, as I say - just because it is a step forward towards a completely end-to-end secure link, it is worth doing - even a little extra security for free is worth having - but if it is important enough to *need* encryption, it is important enough to ensure end-to-end encryption is used.c) every node that starts protecting traffic this way helps - because it boxes the attacker into narrower and narrower attacks. It may be that the emails are totally open over the backbone, but who cares if the attacker can't easily get there?
I must admit to being impressed by how functional EnigMime for thunderbird is in this regard - I can specify per-destination-user that encryption will aways be used, and its type - and have it "just work"
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
