Peter Gutmann pgut001@cs.auckland.ac.nz
Thu Aug 29 20:37:25 PDT 2002

Eric Murray <ericm@lne.com> writes:
>On Wed, Aug 28, 2002 at 03:26:47PM +1200, Peter Gutmann wrote:
>> Eugen Leitl <eugen@leitl.org> writes:
>(actually, I wrote:)

Oops, sorry, trimmed the wrong text.

>>>It's relatively easy to turn on TLS in sendmail.  It's not secure against
>>>active attackers that can modify the data in the TCP stream but it's better
>>>than nothing.
>>Actually it's better than any other mail security out there.  See the slides
>>for my talk at Usenix Security
>>(http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf) for more
>>details (the StartTLS stuff is about halfway through).
>It depends on how you define "better".

Currently the amount of my mail protected by traditional means is essentially
nonexistent.  I get one piece of PGP-encrypted mail every month or two (and I
was one of the people who helped write the thing!) and I don't recall ever
having received or sent any S/MIME-encrypted mail.  OTOH something like 10-15%
of all my mail is protected by STARTTLS, and the figure is rising continuously
and will continue to do so (particularly if MS make some minor changes in
Exchange which I've asked some people there about).

It doesn't matter how many types of mail encryption software I have sitting
unused on my hard drive, 10% (and growing) coverage with reasonable protection
is better than 0% coverage with good protection.


