For TLS/SSL to offer any real protection when transmitting email, pretty 
much everyone has to support it. That's just how it works. If you send an 
email to Bob, and the email must be routed twice, then you need at least 
three servers and two MUAs that support TLS/SSL. If any one of those does 
not support it, then you lose on at least one leg of the trip. With 
something like PGP though that is not the case. Only the sender and 
recipient need support it. Also, with TLS/SSL you do not get any encryption 
on the mail servers. Only the communication channels are encrypted. So you 
stop sniffers, but you don't stop anyone with access to a mail server from 
reading the emails.

However, you do bring up the good point that PGP is not going to hide who 
you are sending mail to.

I think the current conversation has its root in a misunderstanding of 
exactly what problems TLS/SSL, PGP, and S/MIME solve.

At 12:28 PM 6/16/2003 -0500, you wrote:

>Chiming in on the TLS and GPG discussion:
>How would one encrypt the message headers of an email? Wouldn't end-to-end
>TLS provide 128-bit encryption for that purpose? This of course would
>require the recipient to use TLS.
>
>Maybe this whole Cox debacle points out that there is a market for both ISPs
>that provide more capabilities to customers and for secure services like TLS
>and encrypted email provided through 3rd parties, like anonymizer.com.
>
>I can see Cox's business reasons for restricting home consumer services, and
>I can't really fault them. But I'd like to know how much consumers would pay
>for unfettered home connectivity? I have DSL via Eatel and can do pretty
>much what I want with my home network: $35/month. Maybe the restrictions of
>the big ISPs will make a market for broadband via wireless viable.
>
>John Hebert
>
>-----Original Message-----
>From: will hill
>To: [email protected]
>Sent: 6/16/03 12:49 PM
>Subject: Re: [brlug-general] Cox and smtp pain today.
>
>On 2003.06.16 09:16 Scott Harney wrote:
>
> > And Dustin is correct, very very very few providers use TLS.
>
>Once upon a time, few people used email.  That was not a good reason to
>not use it.
>
> >
> > Think about it.  let's say you TLS the transactions between you and
>your
> > remote mailserver that you prefer to relay through. Great.
>
>That is great.  It cuts down on my nosy cable neighbor's ability to read
>my mail.
>
> > But once the mail
> > leaves that relay server for its final destination, it's
>unencrypted.  So
> > if COX supported TLS for you, the transaction between you and cox
>would be
> > encrypted. hooray.  then Cox forwards the mail on your behalf.
>Chances are,
> > it's not encrypted.  In most cases, it won't be.
>
>Let's suppose my mail program has this and I am the relay and I support
>this and my destination has a mail server that supports this.  Does that
>not give me transparent encryption all the way through?  Shouldn't we
>encourage this?  Now that Cox forces me to use their mail server, can't
>they keep this from happening?
>
>That meat-head, John Ashcroft says that people should not have any
>expectations of privacy in their email and Carnivore is justified on
>these grounds.  He's wrong for two reasons.  First, email can be
>secured.  Second, he has no business snooping in mail.  Email will have
>few business uses unless its privacy is secure.  Privacy can only be
>secured if everything is encrypted.  We should expect this to happen and
>work to make it so.
>
>_______________________________________________
>General mailing list
>[email protected]
>http://brlug.net/mailman/listinfo/general_brlug.net


---
Dustin Puryear <[EMAIL PROTECTED]>
Puryear Information Technology
Windows, UNIX, and IT Consulting
http://www.puryear-it.com
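
Added example, not part of the original message: a Python sketch that reads the Received headers of a delivered message and reports which server-to-server legs were recorded as TLS, using the RFC 3848 "with" keywords (ESMTPS, ESMTPSA, LMTPS, LMTPSA). The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# RFC 3848 "with" protocol keywords that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: three Received headers, newest first, as servers prepend them.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.30])
\tby mail.example.org with ESMTPS id AAA111
\tfor <bob@example.org>; Mon, 16 Jun 2003 12:30:03 -0500
Received: from relay.example.com (relay.example.com [192.0.2.20])
\tby mx.example.net with ESMTP id BBB222;
\tMon, 16 Jun 2003 12:30:02 -0500
Received: from laptop.example.com (laptop.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id CCC333;
\tMon, 16 Jun 2003 12:30:01 -0500
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw):
    """Return [(sender, receiver, protocol, tls)] in delivery order."""
    msg = message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            # Unparseable header: count the leg as unprotected.
            out.append((None, None, None, False))
            continue
        proto = m.group(3).upper().rstrip(";")
        out.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return out

def cleartext_legs(raw):
    """Legs with no TLS keyword; one such leg exposes the whole message."""
    return [(s, r) for s, r, _, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for s, r, p, tls in hops(SAMPLE):
        print(f"{s} -> {r}: {p} ({'TLS' if tls else 'cleartext or unknown'})")
```

Received headers are self-reported by each server, and the final retrieval from the mail server to the recipient's MUA leaves no Received header, so this only bounds what the SMTP legs claim.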

