at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann <[EMAIL PROTECTED]> was seen to say: > As opposed to more conventional encryption, where you're protecting > nothing at any point along the chain, because 99.99% of the user base > can't/won't use it. That is a different problem. if you assume that relying on every hop between you and your correspondent to be protected by TLS *and* the owner of that server to be trustworthy (not only in the normal sense, but resistant to legal pressure, warrants from LEAs and financial "incentives" from your competitors) then you are in for a rude awakening at some point.
S/Mime isn't wonderful, but it is built-in to the M$oft email packages and you can trivially generate a key *for* your correspondents to be delivered to them out-of-band. installing is double-clicking a file, and decryption automatic. More security aware users will obviously want their own, a key from a recognised CA or prefer pgp, but that is upgrades to the basic security you can provide by five minutes work with a copy of OpenSSL. > In any case most email is point-to-point, which > means you are protecting the entire chain (that is, if I send you > mail it may go through a few internal machines here or there, but > once it hits the WAN it's straight from my gateway to yours). Depends on the setup. Few home users can afford always-up connections, and most dialup ranges are blocked from direct delivery anyhow. the typical chain goes Sender-->Sender's ISP-->Recipient's ISP-->Mailspool-->Recipient for a corporate user, a typical chain might go Sender-->sender's internal email system-->sender's outbound gateway-->recipient's firewall-->recipients inbound gateway-->recipient's email system-->recipient assuming *everyone* at both companies is trustworthy (or IT is on the ball and preventing sniffers from running on their lans; I will pause while everyone laughs and then drafts replies pointing out that is impossible) then you can get away with TLS-protecting just the link gateway-->firewall. Yes, crypto should be transparent and enabled *by default* in those M$ corporate products; no, the US government wasn't (and still isn't even under the more relaxed regime) willing to wear on-by-default unbreakable, easy crypto in mass-market products.