Re: right MTA for crypto support
Eric Murray [EMAIL PROTECTED] writes: On Wed, Aug 28, 2002 at 03:26:47PM +1200, Peter Gutmann wrote: Eugen Leitl [EMAIL PROTECTED] writes: (actually, I wrote:) Oops, sorry, trimmed the wrong text. It's relatively easy to turn on TLS in sendmail. It's not secure against active attackers that can modify the data in the TCP stream but it's better than nothing. Actually it's better than any other mail security out there. See the slides for my talk at Usenix Security (http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf) for more details (the StartTLS stuff is about halfway through). It depends on how you define better. Currently the amount of my mail protected by traditional means is essentially nonexistant. I get one piece of PGP-encrypted mail every month or two (and I was one of the peope who helped write the thing!) and I don't recall ever having received or sent any S/MIME-encrypted mail. OTOH something like 10-15% of all my mail is protected by STARTTLS, and the figure is rising continuously and will continue to do so (particularly if MS make some minor changes in Exchange which I've asked some people there about). It doesn't matter how many types of mail encryption software I have sitting unused on my hard drive, 10% (and growing) coverage with reasonable protection is better than 0% coverage with good protection. Peter.
Re: right MTA for crypto support
On Wed, Aug 28, 2002 at 03:26:47PM +1200, Peter Gutmann wrote: Eugen Leitl [EMAIL PROTECTED] writes: (actually, I wrote:) It's relatively easy to turn on TLS in sendmail. It's not secure against active attackers that can modify the data in the TCP stream but it's better than nothing. Actually it's better than any other mail security out there. See the slides for my talk at Usenix Security (http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf) for more details (the StartTLS stuff is about halfway through). It depends on how you define better. STARTTLS is defeated by Norton AV (silently!) and probably other programs... if not now, then soon. Mail is rarely stolen when in transit, it's much easier to steal it from the destination spool, and STARTTLS does nothing to protect stored mail. The authentication option is only used to authenticate roaming SMTP clients, and probably not often even then since distributing client certificates is hard and too many IT folks still think encrypted == secure. If you define better as more secure, or even secure against most classes of attackers, it's not better, it's a waste of CPU time. But if you define better as secure against passive eavesdroppers or as increases the use of crypto, then it's better. What's needed is something that IS better for both definitions and is as easy to set up as STARTTLS... same thing that's been needed for the last 10 years. Eric
Re: right MTA for crypto support
On Tue, Aug 27, 2002 at 11:53:08AM +0200, Eugen Leitl wrote: I'm getting rather pissed at diverse wiretap legislations making the global rounds (lately EU is making noises towards storing a one year deep FIFO of all email and browsing traffic for all users), and would like to run my own MTA, with MX fallback to ISPs. I would like to have secure MUA-MTA (IMAP/SSL POP/SSL and MTA-MTA (if the other end supports it). lne.com's sendmail now supports START_TLS. Not that that adds any security to cpunks list mail of course. But it does increase the amount of encrypted traffic. It's relatively easy to turn on TLS in sendmail. It's not secure against active attackers that can modify the data in the TCP stream but it's better than nothing. If anyone knows of patches which automatically query keyservers and GPG/PGP encrypt emails to targets (this is not a deep paranoia setup, just a cheap measure to increase encrypted mail traffic) that would be nice to have, too. Besides START_TLS which is built in, there is probably an auto-PGP patch for sendmail. Eric
RE: right MTA for crypto support
Eric wrote: On Tue, Aug 27, 2002 at 11:53:08AM +0200, Eugen Leitl wrote: I'm getting rather pissed at diverse wiretap legislations making the global rounds (lately EU is making noises towards storing a one year deep FIFO of all email and browsing traffic for all users), and would like to run my own MTA, with MX fallback to ISPs. I would like to have secure MUA-MTA (IMAP/SSL POP/SSL and MTA-MTA (if the other end supports it). lne.com's sendmail now supports START_TLS. Not that that adds any security to cpunks list mail of course. But it does increase the amount of encrypted traffic. There are a bunch of projects that either work on or have completed integration of PGP at the MTA-level. A post to the OpenPGP lists should round up the candidates. Either way, I agree with Eric that turning on STARTTLS support in MTA's has become so easy that I would be hard pressed to come up with reasons why one wouldn't. I know that enabling STARTTLS is trivial in postfix and I am told that STARTTLS ships with exim and at least the Debian build of sendmail. Either way, I would recommend to first enable STARTTLS in your MTA and only after that start looking at PGP integrations. (I fully understand that STARTTLS and PGP fulfill different needs and address different thread models). --Lucky Green
Re: right MTA for crypto support
Eugen Leitl [EMAIL PROTECTED] writes: It's relatively easy to turn on TLS in sendmail. It's not secure against active attackers that can modify the data in the TCP stream but it's better than nothing. Actually it's better than any other mail security out there. See the slides for my talk at Usenix Security (http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf) for more details (the StartTLS stuff is about halfway through). Peter.