In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writ
es:
>
>
>>Yahoo's new system works like this: Once a message is composed, it
>>travels, unencrypted, to Yahoo,
>
>So feel no fear in sending anything you wouldn't mind being read before
>it's encrypted?
>I'm surprised AOL isn't offering this "security feature" as well ...
>I feel safer already :~)
While I don't like (what I've seen described here of) the Yahoo secure
mail system, it isn't a priori preposterous. In fact, in many cases it
makes a great deal of sense.
The question is what your threat model is. Although it's possible to
pick up email on the wire, in many cases it's quite hard.
Eavesdropping on an ISP's backbone is extremely difficult; the links
are very fast, are often not Ethernet or some other easily-tapped
medium, and providers have learned not to put general-purpose (and
hence hackable) machines on their backbone.
The real threats come near the edges, and in the spool files where the
mail sits before being delivered or picked up. The latter, in
particular, is quite great. If the encryption happens on a separate,
secure machine before storage, it might be quite good against that
threat -- and if both parties to a conversation are using dial-up
links, there is little to worry about.
Sure, if you're a possible target of Carnivore, this is grossly
insufficient. But that doesn't descibe most people. Their threat
probably comes from their very own machines, and is best defeated by
any mailer that doesn't leave plaintext lying around, either in a Trash
folder or in a Web cache.
--Steve Bellovin
