> From: Paul Hoffman / IMC <[EMAIL PROTECTED]>
>
> >If only to set a good example for the world, could somebody please
> >arrange to have the IETF mailing lists, starting with this one, create
> >and publish its own certificate(s) and notice and use STARTTLS?
>
> If that happened and it was trumpeted, people would then start to
> assume that SMTP over TLS assures that the messages that appear on
> the list are securely the ones that were sent by the sender. Nothing
> could be further from the truth. SMTP over TLS is a hop-by-hop
> protocol, and protecting one hop in a chain does not protect the
> chain. Further, it is the job of the SMTP server on each hop to
> change the message, at least in the headers, and possibly in the body.
>
> SMTP over TLS has many good features: it lets the two SMTP servers
> authenticate each other, it prevents snooping, and it prevents active
> attackers from changing messages. It does not prevent SMTP servers on
> any hop from changing messages.
>
> Giving folks a false sense of security is a bad example, not a good one.

So don't give false senses or otherwise misrepresent it as having
anything to do with authenticating that the message is what the author
wrote. We surely don't need to do as bad marketeers and sales people do
and trumpet a good thing for bogus reasons.

The good example for the world I'm thinking of is fighting interception
proxies such as AOL's SMTP interception proxy. Unlike S/MIME or whatever,
indications of the successful use of STARTTLS are at most hidden in the
Received headers. It would be hard to trumpet STARTTLS except when it
interferes with nefarious activities by causing SMTP to not work, such
as through interception proxies. And yes, it's impotent even for that
if you don't have a certificate for the other end of the SMTP connection.

In other words, why are you giving aid and comfort to the bad guys by
arguing against the IESG using STARTTLS?

Vernon Schryver    [EMAIL PROTECTED]
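The hop-by-hop point made in this exchange, and the remark that STARTTLS shows up only in the Received headers, as an added example that is not part of the original message: it walks a message's Received chain and reports which hops recorded a TLS-protected transfer. It assumes each hop writes the RFC 3848 "with" keyword (ESMTPS, ESMTPSA); the sample message and hostnames are constructed, and since every hop writes its own header, the result is only what the relays claim.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames and addresses are reserved examples.
SAMPLE = """\
Received: from list.example.org (list.example.org [192.0.2.10])
\tby mx.example.net with ESMTPS id AAA111
\tfor <reader@example.net>; Mon, 1 Jan 2001 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby list.example.org with ESMTP id BBB222;
\tMon, 1 Jan 2001 10:00:02 +0000
Received: from laptop.example.com (laptop.example.com [203.0.113.5])
\tby relay.example.com with ESMTPSA id CCC333;
\tMon, 1 Jan 2001 10:00:01 +0000
From: author@example.com
To: list@example.org
Subject: constructed test message

body
"""

# RFC 3848 "with" protocol keywords that mean STARTTLS was negotiated.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def hop_report(raw):
    """Return one dict per hop, ordered from sender to final recipient."""
    hops = []
    # Each relay prepends its header, so the newest hop comes first: reverse.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        fields = {}
        for key in ("from", "by", "with"):
            m = re.search(r"\b%s (\S+)" % key, flat)
            fields[key] = m.group(1).rstrip(";") if m else None
        proto = (fields["with"] or "").upper()
        hops.append({"from": fields["from"], "by": fields["by"],
                     "with": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def unprotected_hops(raw):
    """Hops whose Received header does not claim a TLS-protected transfer."""
    return [h for h in hop_report(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in hop_report(SAMPLE):
        print("%(from)s -> %(by)s  %(with)s  tls=%(tls)s" % h)
```

In the constructed sample the first and last hops used STARTTLS while the middle hop did not, so the message crossed one link in the clear even though the final delivery was encrypted.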
