What email encryption is actually in use?
Ben Laurie
ben at algroup.co.uk
Wed Oct 2 16:15:39 EDT 2002
Matthew Byng-Maddick wrote:
> On Wed, Oct 02, 2002 at 10:04:03AM -0500, Jeremey Barrett wrote:
>
>>BTW, most and probably all of the major mail clients out there will do
>>STARTTLS *for SMTP*. It's a matter of servers offering it and clients
>>being configured to actually use it. It'd be nice if they always used it
>>if it's available, but right now I think they all require being told to.
>
>
> I have to say that much as it is a laudable goal to get widespread
> encryption on the SMTP server network, I'm rapidly coming to the conclusion
> that opportunistic encryption in this way doesn't really work. Consider
> where one side believes that it will only accept certificates signed by a
> particular CA (a perfectly plausible scenario in the case of SSL/TLS), and
> I hand it a self-signed one - this is not communicable before the connection
> starts up, and in-protocol, a failure to apply policy causes the connection
> to be shut down (this is by no means the only one, consider one side that
> only use DES and the other that never use it), leaving the connection in an
> undefined state.
>
> The problem with this is obvious. You have to treat the failure as a
> temporary failure and try again in a bit. Of course, we know that the
> only way you're going to send this system mail is by sending it in plaintext,
> because otherwise you won't adhere to policy, but also, given that it's an
> automated service, there's no human to turn round and try something slightly
> different, as there is in the case of the Web Browser or mail client talking
> SSL.
>
> I remain to be convinced on the value of opportunistic encryption. In my
> mind it doesn't, apparently, do anything useful. Of course, properly
> configured SSL, I'd agree with, but that means advertising what you're
> going to talk in some way that means you won't get half way through the
> protocol and leave it in an undefined state.
If you are going to do opportunistic encryption, then you have to be
prepared to be opportunistic. Clearly, configuring your server so it
can't encrypt opportunistically is a barrier to opportunistic encryption.
It isn't hard to set up SSL so it will interoperate with everything
(this is why there are mandatory ciphersuites).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list