SSL/TLS and port 587

Ed Gerck edgerck at nma.com
Tue Jan 22 13:38:24 EST 2008


List,

I would like to address and request comments on the use of SSL/TLS and port 587 for email security.

The often expressed idea that SSL/TLS and port 587 are somehow able to prevent warrantless wiretapping and so on, or protect any private communications, is IMO simply not supported by facts.

Warrantless wiretapping and so on, and private communications eavesdropping are done more efficiently and covertly directly at the ISPs (hence the name "warrantless wiretapping"), where SSL/TLS protection does NOT apply. There is a security gap at every negotiated SSL/TLS session.

It is misleading to claim that port 587 solves the security problem of email eavesdropping, and gives people a false sense of security. It is worse than using a 56-bit DES key -- the email is in plaintext where it is most vulnerable.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List