SSL/TLS and port 587
Steven M. Bellovin
smb at cs.columbia.edu
Wed Jan 23 10:00:50 EST 2008
On Tue, 22 Jan 2008 21:49:32 -0800
Ed Gerck <edgerck at nma.com> wrote:
> As I commented in the
> second paragraph, an attack at the ISP (where SSL/TLS is
> of no help) has been the dominant threat -- and that is
> why one of the main problems is called "warrantless
> wiretapping". Further, because US law does /not/ protect
> data at rest, anyone claiming "authorized process" (which
> the ISP itself may) can eavesdrop without any required
> formality.
>
Please justify this. Email stored at the ISP is protected in the U.S.
by the Stored Communications Act, 18 USC 2701
(http://www4.law.cornell.edu/uscode/18/2701.html). While it's not a
well-drafted piece of legislation and has been the subject of much
litigation, from the Steve Jackson Games case
(http://w2.eff.org/legal/cases/SJG/) to Warshak v. United States
(http://www.cs.columbia.edu/~smb/blog/2007-06/2007-06-19.html), I don't
see how you can say stored email isn't protected at all.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list