Aaron Sherman ajs@ajs.com
Thu Jul 11 07:59:25 PDT 2002

On Wed, 2002-07-10 at 18:11, Aaron T Porter wrote:
> 	Just a quick plea for all the elitists to seriously consider
> enabling SMTP-TLS on any and all mail servers they control. With the US
> government in Ashcroft juggernaut mode for the foreseeable future, I fear
> that the use of encryption will quickly become a red flag for further
> observation. If we can reach a point where a sizable portion of SMTP
> traffic is encrypted regardless of the content we can reduce any
> implications of sending encrypted mail. Probably doesn't make your
> standard Carnivore install too happy either.
> 	On most mail systems, enabling TLS is incredibly easy (one line
> config change on my Debian Sendmail box). It's a one-time fix that affects
> even technologically challenged users. I've tacked some links below for
> common MTAs.

I took a look at some of the docs out there, and it actually seems as if
encryption will *fail* if the sender cannot verify your certificate with
a CA.

Who could possibly have thought this was a good thing?! After all, you
don't care about the relay-to-relay traffic being signed (and if you do,
you should request a special mode). What you want is to hide relayed
traffic from prying eyes, and a root CA doesn't have to get involved in
that, any more than they do when I set up sshd!


I'll still give a stab at setting this up with my own keys, and see how
it goes.

