[linux-elitists] Casual Encryption

Joseph Barillari joseph+lineli@barillari.org
Fri Jul 12 15:26:39 PDT 2002


>>>>> "AS" == Aaron Sherman <ajs@ajs.com> writes:

    AS> On Fri, 2002-07-12 at 00:06, Jason Costomiris wrote:
    >> On Thu, Jul 11, 2002 at 10:59:25AM -0400, Aaron Sherman wrote:
    >> : I took a look at some of the docs out there, and it actually
    >> seems as if : encryption will *fail* if the sender cannot
    >> verify your certificate with : a CA.
    >> 
    >> As others have indicated, this is definitely
    >> configuration-dependent.

    AS> Ok, I'm running Red Hat 7.1 with the stock (after updates)
    AS> sendmail.  Looks like they don't turn on TLSSTART in that
    AS> version, so I'm going to recompile from SRPM. I'll try to
    AS> summarize exactly what I go through so that there's a document
    AS> that others can follow without having to understand the
    AS> vagaries of sendmail/RedHat/TLS/certification/etc. I will also
    AS> be loading Limbo on a desktop box of mine, and I'll see if the
    AS> sendmail comes pre-configured to do this. 'Twould be nice.

I shifted from RedHat to Debian last month. Debian's sendmail package
automatically generates the certificates necessary to run
TLS. 

Making use of the security is another matter. My school's IT
department serves as my ISP. They've embraced TLS for outgoing mail,
to the point of disallowing unencrypted, unauthenticated traffic
to the primary SMTP servers. However, none of their outside-world MXes
speak TLS. As I run my own SMTP server, this means my intra-school
mail (which goes through that MX) is unencrypted.

After confirming this with the IT department, I asked myself: If I ran
an ISP, what would me persuade to activate TLS on my incoming
mail-hubs? It provides only a slight marginal increase in security
(any one of the other hops could be unencrypted). Most sites don't
send outgoing mail using TLS, because few sites are willing to receive
it via TLS -- to the average administrator, it probably sounds like
an extra hassle for an insignificant gain. And if you want the
authentication to be universally recognized, it involves the headache
of buying and maintaining a certificate.

The last hop of POP or IMAP is usually encrypted, because last-mile
intranets are most accessible and vulnerable to casual sniffing. The
Internet cloud is a different story -- there's not as much need for
it. Your average snooper can't plug into the UUnet backbone to run
dsniff. Carnivore could, but it's more likely to be installed _inside_
an ISP, where it can merrily read the messages on unencrypted internal
networks. Nothing short of PGP will keep your mail safe in that
environment.

I'm curious. Do the sysadmins on this list activate TLS on their MXes?
Did your users ask for it? Did you decide that the additional security
was worth the effort of setting up the software and buying a
certificate?

--Joe
http://barillari.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 258 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20020712/e1c03d87/attachment.pgp 


More information about the linux-elitists mailing list