SMTP over TLS
Steven M. Bellovin
smb at research.att.com
Wed Jun 2 15:17:44 EDT 2004
In message <871xkyxcoo.fsf at snark.piermont.com>, "Perry E. Metzger" writes:
>
>I view link encryption for SMTP -- i.e. SMTP over TLS -- as having two
>functions.
>
>1) It frustrates "vacuum cleaner" mail tapping efforts to some degree.
>2) It can be used effectively for authenticating the posting of a
> mail message from an MUA to the first hop MTA.
>
>I don't see it as being useful for making sure your mail is actually
>"secure", but I think it is a valuable thing to turn on as much as one
>can, if only to reduce "casual eavesdropping". It certainly can't stop
>(for the most part) concerted attacks, but I don't think most people
>view it as being useful for that.
This gets to the real question: what is the threat model? Who is
trying to do things to your email, and what resources can you bring to
bear?
Someone serious who's targeting you is going to go after the servers
and the spool files -- it's easier, more reliable, etc. The same is
true for system administrators.
If, on the other hand, you have a habit of sending quasi-sensitive
email over 802.11 nets, over-the-wire eavesdropping is indeed a real
threat, though primarily on that one link.
Or perhaps you rely on links run by people you don't fully trust. At
one major U.S. hotel chain, all port 25 traffic from the in-room
Ethernet jacks gets diverted to the hotel's SMTP server. I'm not sure
if they're being friendly -- "let's help people whose MUAs are hard-wired
to some firewall-protected corporate mail server" -- or if they're
trying to block check-in spammers or what; I do know that I don't want
my email sitting on their servers.
I personally deal with the latter two by tunneling my SMTP and POP3
over ssh to a trusted site; for the first, I use PGP for the tiny
amount of email I send or receive that requires end-to-end security.
But I've happily sent my credit card number via email at times, because
I don't think the threat is that serious; furthermore, given U.S. law,
the consequences aren't that serious.
What's your threat model? When we know that, we can talk about
solutions.
--Steve Bellovin, http://www.research.att.com/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list