Enzo Michelangeli (em@who.net)
Fri, 21 Aug 1998 17:18:51 +0800
In fact there is also an Internet draft specifying how to do POP3, IMAP and
ACAP over SSL: draft-newman-tls-imappop-04.txt . Of course, it's true that
nobody should really trust transport-layer security for store-and-forward
applications; however, these proposals may be useful to avoid risks of
snooping over a telephone line or, especially, a shared-media LAN. In a
corporate environment, this would translate into having to trust only the
MIS people, instead of each and every employee with a workstation.
Enzo
-----Original Message-----
From: Berke Durak <berke@gsu.linux.org.tr>
To: CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Friday, August 21, 1998 3:38 PM
Subject: Re: Crypto-sendmail
>Well, I just thought that even if MX-to-MX transmissions are encrypted,
many
>users will still use unprotected protocols like POP3 to get their mail.
>Secondly, unauthenticated DH-exchange is of course better than nothing, but
>so is 40-bit encryption, and even ROT13 is better than nothing. Whilst
>unauthenticated DH would certainly reduce the efficiency of massive
>snooping, for important MX nodes having "uncooperative" system
>administrators, or for important targets (political etc.), the amount of
>effort required to mount a man-in-the-middle attack is certainly justified,
>and in the reach of even a moderately small Internet backbone company,
given
>technical assistance. I personally think that you can not secure other
>people's communications without their cooperation, and that E-mail is best
>protected by end-to-end encryption. We have tools for that. What we need is
>encryption for real-time communications.
>
>Berke Durak - berke@gsu.linux.org.tr -
http://gsu.linux.org.tr/kripto-tr/
>PGP bits/keyID: 2047/F203A409 fingerprint:
44780515D0DC5FF1:BBE6C2EE0D1F56A1
>
>
>
>
>
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:59