Greg Rose (ggr@qualcomm.com)
Tue, 18 Aug 1998 15:31:25 +1000
At 13:54 19/08/98 -0400, Perry E. Metzger wrote:
>Michael Paul Johnson writes:
>> I LIKE this idea a lot, especially if the crypto-enabled sendmail can be
>> made common enough.
>
>This has already been done at least once before if I remember correctly.
>
>I'm not really a big fan of the idea, truth be told. It makes you
>trust all the intermediate nodes on the network for security. It does,
>however, make the espionage community's life harder, so I suppose that
>is a plus.

If you're referring to ssmail, the D-H exchange is done at the sendmail
conversation level, and by far the most common case is that mail goes from
the user's machine to the corporate mail gateway machine, which establishes
a TCP link to the recipient's gateway, which forwards to the destination
machine. The first and last of those are presumed to be behind firewalls,
and the long haul is encrypted only once. If the long-distance connection
can't be established, the mail will go to an alternate MX holder instead.
If you don't trust your own MX holders, you have other problems.

Greg.
Greg Rose INTERNET: ggr@Qualcomm.com
Qualcomm Australia VOICE: +61-2-9181-4851 FAX: +61-2-9181-5470
Suite 410, Birkenhead Point, http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:59