Re: On the security of e-mails

To: balexander@winstar.com
Cc: Daniel Taylor <dante@plethora.net>, Sergio Brandano <sb@dcs.qmw.ac.uk>, debian-security@lists.debian.org
Subject: Re: On the security of e-mails
From: Alexander Hvostov <vulture@aoi.dyndns.org>
Date: Fri, 26 May 2000 00:25:05 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.21.0005260023220.7813-100000@cornerstone.core.aoi>
In-reply-to: <[🔎] 20000525123555.A1248@sonsofthunder.yi.org>

Bradley,

Uhm, isn't Sendmail's SMTP-over-SSL thing supposed to conform to some
standard..? I seriously doubt the other endpoint has to be
Sendmail; rather, I think it probably only needs to be running a proper
SMTP-over-SSL implementation. If this is the case, then this can be done
with stunnel and your favorite MTA. (mine being qmail... why doesn't
everyone use qmail..?)

Regards,

Alex.

---
PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
------END GEEK CODE BLOCK------

On Thu, 25 May 2000 balexander@winstar.com wrote:

> Sendmail is also beginning to address this issue. 8.11.x is supposed to
> include SSL code to do end-to-end encryption. However, this still leaves
> an opening at the destination host for snooping. Aside from that, this
> assumes that both ends are using sendmail 8.11, which is a pipe dream for
> a while to come. For end-to-end security, PGP or GPG encryption is the way
> to go.
> 
> On Thu, May 25, 2000 at 09:14:20AM -0500, Daniel Taylor wrote:
> > The closest reliable method in that area is PGP encryption
> > of e-mail.  In theory only those people who have the message
> > signed with their public key will be able to read it.
> > 
> > In practice I haven't heard otherwise.
> > 
> > The only place where it isn't appropriate to encrypt (maybe only sign)
> > is on public mailing lists.
> > 
> > Daniel Taylor                Embedded and custom Linux integration.
> > dante@plethora.net           (612)747-1609
>  
> -- 
> --Brad
> ============================================================================
> Bradley M. Alexander                     |   Co-Chairman,
> Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
> Winstar Telecom                          |   balexander@winstar.com
> (703) 889-1049                           |   storm@tux.org
> ============================================================================
> Never draw fire, it irritates everyone around you.
> 						--Murphy's Laws of Combat
>

Reply to:

Follow-Ups:
- Re: On the security of e-mails
  - From: "Milan P. Stanic" <mps@4net.co.yu>

References:
- Re: On the security of e-mails
  - From: balexander@winstar.com

Prev by Date: Re: On the security of e-mails
Next by Date: Re: On the security of e-mails
Previous by thread: Re: On the security of e-mails
Next by thread: Re: On the security of e-mails
Index(es):
- Date
- Thread