On Tue, Oct 01, 2002 at 01:20:28PM +0100, David Howe wrote: > at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann > <[EMAIL PROTECTED]> was seen to say: > > For encryption, STARTTLS, which protects more mail than all other > > email encryption technology combined. See > > http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf > > (towards the back). > I would dispute that - not that it isn't used and useful, but unless you > are handing off directly to the "home" machine of the end user (or his > direct spool) odds are good that the packet will be sent unencrypted > somewhere along its journey. with TLS you are basically protecting a > single link of a transmission chain, with no control over the rest of > the chain.
Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. There should be nothing but noise on the wire. > > For signing, nothing. The S/MIME list debated having posts to the > > list signed, and decided against it: If I know you, I can recognise a > > message from you whether it's signed or not. > Signing has a limited application - I wouldn't use it routinely other > than to establish an association (key-->poster) early in a conversation, > and then omit it except for things whose source *I* would want verified > if I was receiving it. Once you start using it, it becomes part of hte pattern by wich other people identify you. -- This could be the last day of the rest of your life. | Quit smoking: | 162d, 10h ago | petro@ | bounty.org