[linux-elitists] Casual Encryption

Aaron Lehmann aaronl@vitelus.com
Wed Jul 10 15:44:22 PDT 2002

On Wed, Jul 10, 2002 at 03:11:59PM -0700, Aaron T Porter wrote:
> 	Just a quick plea for all the elitists to seriously consider
> enabling SMTP-TLS on any and all mail servers they control. With the US
> government in Ashcroft juggernaut mode for the foreseeable future, I fear
> that the use of encryption will quickly become a red flag for further
> observation. If we can reach a point where a sizable portion of SMTP
> traffic is encrypted regardless of the content we can reduce any
> implications of sending encrypted mail. Probably doesn't make your
> standard Carnivore install too happy either.

I don't trust SMTP-level encryption. The data is only encrypted
between relays, as I understand it - you still have to trust root of
those relays. Better to get into the habit of OpenPGP-encrypting all
personal email. I do that relatively often.

There's also an argument that overusing signatures is harmful.
In a public key cryptosystem, none of this is relevant to bare
encryption, but signatures often go hand in hand with encryption, and
add a lot of value to an encrypted message (assurance of
authenticity). So how often to sign mail, which most people always do
when sending an encrypted message, is still controversial.

-Aaron Lehmann, who's not signing this message because he's SSHing
through several hops to avoid a broken internet link. And what value
would my signature have here? Assurance that I'm not an imposter
giving you bad advice? ;)

