Re: [suse-security] Encrypt E-Mails without human-agreement
IF both MTAs support ssl, the mail will be transferred encrypted. So if your MTA and the MTA of the other company speak TLS, your clients on both sides also use ssl for smtp/pop3/imap, the mail will be transferred in an encryption tunnel.
No. This is called Transport Layer Security (TLS) because it only encrypts the direct connection from one MTA to the next. Every MTA on the route is able to read the mail since it processes mails above the transport layer. Privacy can only be guaranteed if there is a direct connection between sending and receiving MTA (and both can be trusted). This is not true for SMTP. To meet all privacy requirements encryption must take place on the application level. And for authentication over insecure networks it is necessary to have cryptographically secure identification data for every person to communicate with. This can't be done without the sender's/receiver's cooperation.
--
Michel Messerschmidt
9messers@informatik.uni-hamburg.de
http://www.michel-messerschmidt.de
On Friday 16 August 2002 06:03 am, Michel Messerschmidt wrote:
IF both MTAs support ssl, the mail will be transferred encrypted. So if your MTA and the MTA of the other company speak TLS, your clients on both sides also use ssl for smtp/pop3/imap, the mail will be transferred in an encryption tunnel.
No. This is called Transport Layer Security (TLS) because it only encrypts the direct connection from one MTA to the next. Every MTA on the route is able to read the mail since it processes mails above the transport layer. Privacy can only be guaranteed if there is a direct connection between sending and receiving MTA (and both can be trusted). This is not true for SMTP.
Presumably they are free to configure the MTAs at either end not to use the "smart host" relay feature. In this case all connections are direct and there are no intermediate MTAs. Is this not correct?
--
_________________________________________________
No I Don't Yahoo! And I'm getting pretty sick of being asked if I do.
_________________________________________________
John Andersen / Juneau Alaska
Michel Messerschmidt wrote:
IF both MTAs support ssl, the mail will be transferred encrypted. So if your MTA and the MTA of the other company speak TLS, your clients on both sides also use ssl for smtp/pop3/imap, the mail will be transferred in an encryption tunnel.
No. This is called Transport Layer Security (TLS) because it only encrypts the direct connection from one MTA to the next. Every MTA on the route is able to read the mail since it processes mails above the transport layer. Privacy can only be guaranteed if there is a direct connection between sending and receiving MTA (and both can be trusted). This is not true for SMTP.
This is not really true, I can define SMTP routing tables and contact such an smtp server directly, no need for a smarthost. I think just of the possibility that you can send 'encrypted' mail over the net. Surely the mail itself isn't encrypted.
To meet all privacy requirements encryption must take place on the application level.
Right, but that isn't possible without user interaction.
And for authentication over insecure networks it is necessary to have cryptographically secure identification data for every person to communicate with. This can't be done without the sender's/receiver's cooperation.
No one 'authenticates' normal mails, so why should I take special care on an encrypted mail? I don't know that my mail travels in an encrypted 'transport layer' through the net. For real and approved security you need pgp or something similar, but just to encrypt the mail transport tls is some kind to think of. So if you want no user interaction, it is a way to get a bit more security, no guarantee, no auth, just a bit of encryption.
Sven
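Added example (not part of any post in this thread): a Python sketch that reads a message's Received headers and reports, per hop, whether the receiving MTA recorded TLS, which makes the hop-by-hop nature of transport encryption discussed above visible. The sample message and host names are constructed; ESMTPS/ESMTPSA are the RFC 3848 "with" keywords and the "(using TLS...)" comment is the form Postfix writes.

```python
import email
import re

# Constructed sample (not from the thread): three hops, the middle one without TLS.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mx.example.org (Postfix) with ESMTPS id 3C1F
 for <bob@example.org>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from mail.example.com (mail.example.com [192.0.2.10])
 by relay.example.net (Postfix) with ESMTP id 9A2B
 for <bob@example.org>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from client.example.com (client.example.com [192.0.2.5])
 by mail.example.com (Postfix) with ESMTPSA id 77D0
 for <bob@example.org>; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""

# "with" protocol keyword; a trailing S (ESMTPS, ESMTPSA, LMTPS...) means TLS was used.
WITH_RE = re.compile(r"\bwith\s+((?:E?SMTP|LMTP)(S?)A?)\b", re.I)
FROM_BY_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I)

def hops(raw_message):
    """Return (sender, receiver, protocol, tls_recorded) per hop, oldest first."""
    msg = email.message_from_string(raw_message)
    result = []
    # Each relay prepends its header, so reverse to get transit order.
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())          # unfold the header
        fb = FROM_BY_RE.search(line)
        if not fb:
            continue                            # e.g. local pickup without "from"
        w = WITH_RE.search(line)
        proto = w.group(1).upper() if w else "UNKNOWN"
        tls = bool(w and w.group(2)) or "using TLS" in line
        result.append((fb.group(1), fb.group(2), proto, tls))
    return result

def cleartext_hops(raw_message):
    """Hops whose receiving MTA recorded no TLS for the connection."""
    return [(s, r) for s, r, _, tls in hops(raw_message) if not tls]
```

Only Received lines written by relays you control are trustworthy, since earlier hops can write anything; and even when every hop reports TLS, each listed relay still handled the message in plaintext.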
participants (3)
- John Andersen
- Michel Messerschmidt
- Sven 'Darkman' Michels