DOJ proposes US data-rentention law.

[Lucky Green]

ji wrote:
> Under this proposed law, will ISPs have to scan *all* SMTP 
> traffic and record the envelope, or only the traffic for 
> which they actually do 
> SMTP forwarding?  If the latter is the case, we can simply go 
> back to the original end-to-end SMTP delivery model; no 
> POP/IMAP or any of that stuff.  If the former is the case, 
> well, so long as they don't outlaw crypto, ISPs can't sniff 
> SMTP going over IPsec, now, can they?

IPSec is one solution, though I believe an easier way to deal with the
recent email data retention proposals in the US (and already existing
legislation in the EU) is the following:

Locate the button in your MUA that's labeled "Use secure connection" or
something to that effect, search the docs for your MTA for the words
"STARTTLS", "relaying", and potentially "SASL", don't use your ISP's
smtp server, encourage those that you are communicating with to do the
same, and the email data retention laws will be of no bother to you.

Anybody that's using postfix as their MTA is welcome to contact me for
more detailed instructions, though the above general instructions will
work for any decent modern MUA/MTA.

Check my mail headers for an example of what I mean. 

--Lucky "tap as much of my 3DES encrypted traffic as you desire" Green


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com