From: Tonnerre Lombard (tonnerre.lombard@sygroup.ch)
Date: Fri Aug 11 2006 - 01:34:00 EDT
Salut,
While this discussion doesn't quite seem to match the list subject, I
have something to say here.
On Thu, 2006-08-10 at 10:27 -0700, Gary E. Miller wrote:
> > How about pop3 and smtp? There is no secure alternative beside using pgp,
> > isn't it?
>
> Most modern pop3 and imap clients and servers support TLS. That protentially
> gives you a certificate protected channel between the client and server.
>
> A nice setup is dovecot server and thunderbird client using all TLS.
This doesn't protect your mail at all if one of the mail servers
underway demands to receive the mail unencrypted, which a lot of mail
servers still do these days. Even worse, this gives anyone with the
desire to crack your local TLS certificate for pop3s/imaps a huge
opportunity for a known plaintext attack.
The only real way to secure the contents (not the sender and
receipient!) of your mail is to use PGP encryption on it. If you want to
hide the metadata (who sent mail to who and about what) as well, you'll
have to go for mixes, but they're pretty uneasy to get right...
Tonnerre
-- SyGroup GmbH Tonnerre Lombard Loesungen mit System Tel:+41 61 333 80 33 Roeschenzerstrasse 9 Fax:+41 61 383 14 67 4153 Reinach BL Web:www.sygroup.ch tonnerre.lombard@sygroup.ch
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:40 EDT