Scott Harney wrote: >On Tuesday 17 June 2003 07:08 am, Craig Jackson wrote: > > >>-ray wrote: >>[onitted] >> >> >> >>>Use GPG if you want true end-to-end mail encryption. >>> >>> >>Not really true. The primary reason for TLS is authentication encrytion, >>IMHO. Downloading pop3 mail from Cox transmits clear text username and >>password. That leaves mail open to reading by anyone sniffing about. >>It's true that GPG encrypts the message, but who encrypts all their >>messages? A cracked account is still ripe for malicious deletion of >>email. I agree that Cox should support TLS. >> >> > >HUH? we're talking about SMTP. outbound mail. blocked port 25. There is >NOTHING preventing you from retrieving mail from another location. I have >never used a cox provided mailbox. and if you can use some method to protect >that normally in-the-clear transaction, the more's the better. TLS on 25 >does not provide anything resembling authentication. >
True, TLS on 25 doesn't make much sense for the Cox user. Now the roving user who has an email server at home may want TLS-encrypted SMTP to authenticate to and use his server at home, but that option has been eliminated with port 25 blocking. But how many people use a home email server that way -- besides me. -- Craig Jackson __________________________ localsurface.com __________________________
