RE: [suse-security] Encrypt E-Mails without human-agreement
This is called Transport Layer Security (TLS) because it only encrypts the direct connection from one MTA to the next. Every MTA on the route is able to read the mail since it processes mails above the transport layer. Privacy can only be guaranteed if there is a direct connection between sending and receiving MTA (and both can be trusted). This is not true for SMTP.
Presumably they are free to configure the MTAs at either end not to use the "smart host" relay feature. In this case all connections are direct and there are no intermediate MTAs. Is this not correct?
Not entirely. Just because you're delivering email directly to the host that is published as the domain's mail exchanger(s) in the DNS, that doesn't mean that it's the final destination or that email won't travel on from there. That host may well send the messages on to someplace else. And if the primary MX is down, mail is typically buffered on the hosts with lower priority MX records until the primary MX comes back up again, in which case they send it all the buffered mail. All these are examples where TLS between you and an MX of a domain results in cleartext transmission of email further along the delivery chain. Michel is correct, for true confidentiality you need to encrypt on the application level.
Cheers
Tobias
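Added example, not part of any poster's message: one way to see the hop-by-hop nature of SMTP TLS described above is to read the Received headers of a delivered message and check each hop's "with" keyword (ESMTPS and friends, RFC 3848). The sample message, host names and queue ids are constructed, and the check assumes every MTA on the path recorded its header honestly.

```python
import re
from email import message_from_string

# "with" protocol keywords that mean TLS was used on that hop (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: sender -> backup MX over TLS, backup MX -> primary in cleartext.
SAMPLE = """\
Received: from backup-mx.example.net (backup-mx.example.net [192.0.2.20])
\tby mail.example.org (Postfix) with ESMTP id 3C0DE
\tfor <bob@example.org>; Mon, 01 Jan 2024 10:05:00 +0000
Received: from sender.example.com (sender.example.com [192.0.2.10])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby backup-mx.example.net (Postfix) with ESMTPS id 2B0CD
\tfor <bob@example.org>; Mon, 01 Jan 2024 10:00:00 +0000
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

def strip_comments(value):
    """Remove parenthesised comments, innermost first, so nesting is handled."""
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value

def hops(raw_message):
    """Return [(from_host, by_host, protocol, used_tls)] in delivery order."""
    msg = message_from_string(raw_message)
    result = []
    # Each MTA prepends its own Received header, so reverse for sender-first order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(strip_comments(header).split())
        m = re.search(r"from (\S+) by (\S+)(?: with (\S+))?", text, re.I)
        if not m:
            continue  # header not in the usual from/by form; skipped
        proto = (m.group(3) or "unknown").upper()
        result.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops whose recorded protocol does not indicate TLS."""
    return [h for h in hops(raw_message) if not h[3]]
```

A message that shows even one cleartext hop was readable on the wire there, regardless of how the first connection was protected.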
Hi, I have not followed this thread too closely, but has anyone considered that encryption might be illegal in some parts of the world (e.g. France I think?)? So to "encrypt without user agreement" might be a legal problem also.
mike
Does this mean the French (and/or whoever) can't use ssh?
- Roger -
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Roger,
I think that your question probably belongs to another topic. Please
don't misunderstand this! I find this forum has spent a very
sophisticated level to resolve a problem, with have all e-mail users to
have a secure channel, without the banality to ask a PGP user or a
TrustCenter or the legend from a friend, which waits for you, to give you
a PK, to get a PK or a CERT to encrypt e-mail. These routines are
always associated with many circumstances and waste time and are in
seldom cases successful. But this has nothing to do with
legal/illegal!
Cheers
GJ