In message <[EMAIL PROTECTED]>, John Saylor writes:
>Hi
>
>( 02.10.02 12:50 -0500 ) Jeremey Barrett:
>> but it's always better to encrypt than not, even if no additional
>> trust is gained.
>
>While I generally am on board with this, I can see a situation where the
>encryption overhead [and complexity] may be excessive [underpowered mail
>servers administered by beginners] compared to the gains.
>

The primary use of STARTTLS for SMTP is for mail *submission*, not
relaying. That is, when clients (like Eudora) generate mail, they submit
it to an ISP or organizational SMTP server. If this server is accessible
from the Internet, it should require some sort of authentication, to
avoid becoming an open spam relay. This is sometimes done by a password
over a TLS-protected session.

In other words, this isn't opportunistic encryption, and doesn't run
into the problem of "random smtp server has a self-signed cert". The
client should be configured to know what cert to expect.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)

---------------------------------------------------------------------
The Cryptography Mailing List
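
Added example, not part of the original message: a submission client that refuses to send its password unless STARTTLS succeeds and the server presents the certificate the client was configured to expect. Pinning by SHA-256 fingerprint is one assumed way to "know what cert to expect"; the function names, parameters and sample bytes are illustrative.

```python
import hashlib
import hmac
import smtplib
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def cert_matches_pin(der_cert: bytes, pin: str) -> bool:
    """Compare the presented certificate to the configured pin.

    Accepts 'AA:BB:..' or plain hex, in either case.
    """
    wanted = pin.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), wanted)


def submit(host, port, user, password, pin, sender, rcpts, message):
    """Authenticated submission over STARTTLS with a pinned server cert."""
    # Trust comes from the pin, not from a CA chain, so a self-signed
    # server certificate is acceptable as long as it is the expected one.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Never fall back to sending the password in the clear.
            raise RuntimeError("server does not offer STARTTLS")
        smtp.starttls(context=ctx)

        der = smtp.sock.getpeercert(binary_form=True)
        if not der or not cert_matches_pin(der, pin):
            raise ssl.SSLError("server certificate does not match pin")

        smtp.ehlo()                  # re-read capabilities inside TLS
        smtp.login(user, password)   # password only crosses the pinned session
        return smtp.sendmail(sender, rcpts, message)


# Constructed bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PIN = fingerprint(SAMPLE_DER)
```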