[OT] SMTP bad (was: default MTA)

To: debian-devel@lists.debian.org
Subject: [OT] SMTP bad (was: default MTA)
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Wed, 12 Jun 2013 19:35:19 +0000
Message-id: <[🔎] 20130612193519.GD1472@yuggoth.org>
In-reply-to: <[🔎] 51B81051.8060208@pocock.com.au>
References: <20130528010222.GA14069@bongo.bofh.it> <[🔎] 51B76616.5060205@pocock.com.au> <[🔎] 20130611180924.GF21862@gmail.com> <[🔎] 20130611205635.GA1472@yuggoth.org> <[🔎] 51B79B89.50506@pocock.com.au> <[🔎] 20130611220230.GB1472@yuggoth.org> <[🔎] 51B81051.8060208@pocock.com.au>

On 2013-06-12 08:08:17 +0200 (+0200), Daniel Pocock wrote:
> On 12/06/13 00:02, Jeremy Stanley wrote:
> > That basically just makes the case for relying on (E)SMTP only for
> > transporting messages, but leveraging OpenPGP or S/MIME to provide
> > authentication and confidentiality where required (or for anonymity,
> > Mixmaster et al).
> 
> OpenPGP and S/MIME don't guarantee anonymity as they don't (and can't
> really) encrypt the headers/envelope
[...]

Apologies if that message made it past the sarcasm filter, but I was
being flippant. As for anonymity, that's why I mentioned a type II
remailer... you can use Mixmaster without nyms as long as you don't
care about the recipient being able to respond to you. And if you
do, well that's pseudonymity not anonymity. (Though I really think
you meant "confidentiality" when you wrote "anonymity" there?)

The situation with SMTP is not so dire as you paint it, you simply
need to implement your own cryptography on top of it and be aware of
the characteristics it provides (for example put your real subject
in the message body if using OpenPGP, onion-routing/remailers if you
don't want an eavesdropper to know who you're talking to, et
cetera). Hop-by-hop opportunistic encryption on the "honor system"
does little more than give a false sense of security, but mailadmins
hopefully already know this long before they contemplate twisting
the shiny STARTTLS knob for remote deliveries?

In short, encrypted SMTP is there to protect your login credentials
when connecting directly to a known smarthost, and if you're doing
it right you're using proper certificate validation (at least TOFU
anyway). Any use beyond that is either misguided fantasy or a sales
pitch for the PKI (CA/TTP) cartels. As long as you accept the nature
of SMTP and use it in the ways it's intended, it's a perfectly fine
protocol which has withstood several decades of pounding while its
detractors have never managed to successfully replace it with
something better.
-- 
{ PGP( 48F9961143495829 ); FINGER( fungi@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fungi@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kinrui@katarsis.mudpy.org:6669 ); }

Reply to:

Follow-Ups:
- Re: [OT] SMTP bad
  - From: Daniel Pocock <daniel@pocock.com.au>

References:
- Re: default MTA
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: default MTA
  - From: Chow Loong Jin <hyperair@debian.org>
- Re: default MTA
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: default MTA
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: default MTA
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: default MTA
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: Re: x32 “half”arrived… now what?
Next by Date: Re: default MTA
Previous by thread: Re: default MTA
Next by thread: Re: [OT] SMTP bad
Index(es):
- Date
- Thread