16 Aug
2002
16 Aug
'02
10:39
IF both MTA support ssl, the mail will be transfered encrypted.
However, unless sender and receiver verify the authenticity of each others' certificates, you don't gain anything regarding trustworthiness of the mail transfer: You have no idea who's going to be able to decrypt the email or who actually sent it. I don't see a big advantage over unencrypted, unauthenticated email. For someone to be able to intercept that, she needs to hijack a TCP session (disregarding MTAs enroute here). If she's able to intercept a TCP session, she can also present a 'false' certificate. Tobias