[linux-elitists] Re: right MTA for crypto support

Eric Murray ericm@lne.com
Wed Aug 28 11:03:23 PDT 2002


On Wed, Aug 28, 2002 at 03:26:47PM +1200, Peter Gutmann wrote:
> Eugen Leitl <eugen@leitl.org> writes:

(actually, I wrote:)

> >It's relatively easy to turn on TLS in sendmail.  It's not secure against
> >active attackers that can modify the data in the TCP stream but it's better
> >than nothing.
> 
> Actually it's better than any other mail security out there.  See the slides
> for my talk at Usenix Security 
> (http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf) for more
> details (the StartTLS stuff is about halfway through).

It depends on how you define "better".


STARTTLS is defeated by Norton AV (silently!) and probably other
programs... if not now, then soon.  Mail is rarely stolen when in transit,
it's much easier to steal it from the destination spool, and STARTTLS does
nothing to protect stored mail.  The authentication option is only used
to authenticate roaming SMTP clients, and probably not often even then
since distributing client certificates is hard and too many IT folks
still think encrypted == secure.

If you define "better" as "more secure", or even "secure against
most classes of attackers", it's not better, it's a waste of CPU time.
But if you define "better" as "secure against passive eavesdroppers"
or as "increases the use of crypto", then it's better.

What's needed is something that IS better for both definitions
and is as easy to set up as STARTTLS... same thing that's been
needed for the last 10 years.


Eric





More information about the linux-elitists mailing list