[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On the security of e-mails


Uhm, isn't Sendmail's SMTP-over-SSL thing supposed to conform to some
standard..? I seriously doubt the other endpoint has to be
Sendmail; rather, I think it probably only needs to be running a proper
SMTP-over-SSL implementation. If this is the case, then this can be done
with stunnel and your favorite MTA. (mine being qmail... why doesn't
everyone use qmail..?)



PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9

Version: 3.12
GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y

On Thu, 25 May 2000 balexander@winstar.com wrote:

> Sendmail is also beginning to address this issue. 8.11.x is supposed to
> include SSL code to do end-to-end encryption. However, this still leaves
> an opening at the destination host for snooping. Aside from that, this
> assumes that both ends are using sendmail 8.11, which is a pipe dream for
> a while to come. For end-to-end security, PGP or GPG encryption is the way
> to go.
> On Thu, May 25, 2000 at 09:14:20AM -0500, Daniel Taylor wrote:
> > The closest reliable method in that area is PGP encryption
> > of e-mail.  In theory only those people who have the message
> > signed with their public key will be able to read it.
> > 
> > In practice I haven't heard otherwise.
> > 
> > The only place where it isn't appropriate to encrypt (maybe only sign)
> > is on public mailing lists.
> > 
> > Daniel Taylor                Embedded and custom Linux integration.
> > dante@plethora.net           (612)747-1609
> -- 
> --Brad
> ============================================================================
> Bradley M. Alexander                     |   Co-Chairman,
> Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
> Winstar Telecom                          |   balexander@winstar.com
> (703) 889-1049                           |   storm@tux.org
> ============================================================================
> Never draw fire, it irritates everyone around you.
> 						--Murphy's Laws of Combat

Reply to: