On Tue, Oct 01, 2002 at 01:20:28PM +0100, David Howe wrote:
> at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann
> <[EMAIL PROTECTED]> was seen to say:
> > For encryption, STARTTLS, which protects more mail than all other
> > email encryption technology combined. See
> > http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf
> > (towards the back).
> I would dispute that - not that it isn't used and useful, but unless you
> are handing off directly to the "home" machine of the end user (or his
> direct spool) odds are good that the packet will be sent unencrypted
> somewhere along its journey. with TLS you are basically protecting a
> single link of a transmission chain, with no control over the rest of
> the chain.
Well, it's a start. Every mail server (except mx1 and
mx2.prserv.net) should use TLS.
There should be nothing but noise on the wire.
> > For signing, nothing. The S/MIME list debated having posts to the
> > list signed, and decided against it: If I know you, I can recognise a
> > message from you whether it's signed or not.
> Signing has a limited application - I wouldn't use it routinely other
> than to establish an association (key-->poster) early in a conversation,
> and then omit it except for things whose source *I* would want verified
> if I was receiving it.
Once you start using it, it becomes part of hte pattern by wich
other people identify you.
--
This could be the last day of the rest of your life. | Quit smoking:
| 162d, 10h ago
| petro@
| bounty.org
