On Wed, Oct 29, 2003 at 11:28:08AM -0500, Sunder wrote:

> The biggest hurdle and the thing that will have the most effect is to have
> every MTA out there turn on Start TLS. It won't provide a big enhancement

For the record: it's unreasonably difficult (for a pedestrian sysadmin such as me) to set up StartTLS. Debian unstable ships with postfix-tls (albeit not installed as default), but apt-get install postfix-tls doesn't take care of the self-signed cert generation, and setting up /etc/postfix/main.cf for StartTLS support. It would be a most cypherpunkly undertaking to get that package to do that. (I have no idea how Debian packages work, unfortunately).

> in terms of security at the ISP level, but it will blind the global
> content search engines everywhere. Except, of course, at those ISP's
> already infected by carnivore boxes - which at least aren't allowed by law
> to capture all traffic, but I wouldn't put money that they'd follow it.
>
> So the first course of action is to convince MTA authors everywhere to
> enable and turn this on. Later, they could drop support for non-TLS
> traffic. It could also help against spamming somehow, as it will cost the
> spammer a few more CPU cycles. (But this will be a very weak deterrent
> against spam.)

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 0.97c removed an attachment of type application/pgp-signature]
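
The two steps the reply says the postfix-tls package leaves to the administrator (self-signed certificate generation and the main.cf settings for StartTLS), as an added example that is not part of the original post or of the Debian package. It assumes openssl is installed and uses the parameter names of current Postfix releases; the function name, output directory and host name are placeholders.

```shell
#!/bin/sh
# Added example: create a self-signed certificate plus a main.cf fragment that
# enables opportunistic STARTTLS in Postfix. Nothing under /etc is modified.
# Assumptions: openssl is installed; parameter names are those of current
# Postfix releases (the 2003-era TLS patch used "smtpd_use_tls = yes" instead).

make_starttls_files() {
    outdir=$1    # where certificate, key and config fragment are written
    mx_name=$2   # name the MTA presents, e.g. mail.example.org (placeholder)

    mkdir -p "$outdir" || return 1
    old_umask=$(umask)
    umask 077    # the private key must never be readable by other users

    # Self-signed certificate; the key is left unencrypted (-nodes) so the
    # daemon can start unattended.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$mx_name" \
        -keyout "$outdir/smtpd.key" -out "$outdir/smtpd.crt" 2>/dev/null
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 644 "$outdir/smtpd.crt"

    # "may" = use STARTTLS when the peer supports it, otherwise fall back to
    # plaintext. With a self-signed certificate this stops passive capture on
    # the wire; it does not authenticate the peer.
    cat > "$outdir/main.cf.starttls" <<EOF
# inbound (smtpd): advertise STARTTLS to connecting clients
smtpd_tls_cert_file = $outdir/smtpd.crt
smtpd_tls_key_file = $outdir/smtpd.key
smtpd_tls_security_level = may
# outbound (smtp): use STARTTLS when the remote MTA offers it
smtp_tls_security_level = may
EOF
}

# Usage (as root, after reviewing the generated fragment):
#   make_starttls_files /etc/postfix/tls mail.example.org
#   cat /etc/postfix/tls/main.cf.starttls >> /etc/postfix/main.cf
#   postfix reload
```

After a reload, an EHLO to port 25 should list STARTTLS among the advertised extensions.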