Mailinglist Archive: opensuse-security (409 mails)

RE: [suse-security] Encrypt E-Mails without human-agreement
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Fri, 16 Aug 2002 12:39:41 +0200
  • Message-id: <96C102324EF9D411A49500306E06C8D101989451@xxxxxxxxxxxxxxxxx>
> > If both MTAs support SSL, the mail will be transferred encrypted.

However, unless sender and receiver verify the authenticity of each other's
certificates, you don't gain anything regarding trustworthiness of the mail
transfer: You have no idea who's going to be able to decrypt the email or
who actually sent it.

I don't see a big advantage over unencrypted, unauthenticated email. For
someone to be able to intercept that, she needs to hijack a TCP session
(disregarding MTAs en route here). If she's able to intercept a TCP session,
she can also present a 'false' certificate.
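
An added example, not part of the original message, contrasting the two cases it describes for an SMTP client using STARTTLS: a TLS context that accepts whatever certificate is presented, and one that requires a CA-validated certificate matching the host name. The function names and the choice of Python's `smtplib` and `ssl` modules are assumptions made for this example.

```python
import smtplib
import ssl


def opportunistic_context():
    """Encrypts the session but accepts any certificate from whoever answers."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def verified_context(cafile=None):
    """Requires a chain to a trusted CA and a certificate naming the host."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def authenticates_peer(ctx):
    """True only if a handshake made with ctx proves who the peer is."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def deliver(host, message, ctx, port=25):
    """Send an email.message.EmailMessage to host, never in plaintext."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("no STARTTLS offered; not sending in clear")
        # With verified_context() this raises ssl.SSLCertVerificationError
        # when the certificate is untrusted or names a different host.
        # With opportunistic_context() any certificate is accepted.
        smtp.starttls(context=ctx)
        smtp.ehlo()
        smtp.send_message(message)
```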

