At 09:32 AM 9/11/2002, Alan Brown wrote:
>On Wed, 11 Sep 2002, Carles Xavier Munyoz Baldó wrote:
>
> > Ok, but when the email is delivered to the user mailbox or to the MTA
> > queue it is in plain text, isn't it ?
>
>Some of those are also crypted. End to end PGP has a number of usability
>issues which make it "geek chic" now and not easy for joe average luser.
>
> > > At some point, I (and lots of other admins) will start refusing
> > > unencrypted sessions. I've already switched off ALL unencrypted POP3,
> > > IMAP, FTP and terminal(telnet) sessions and am working on NNTPS next.
> >
> > Yes, I agree, but this point is still far :-)
>
>I disagree.
>
>When SMTP AUTH was first released, I predicted that it wouldn't become
>widely used until 2005. It's already at high usage levels, so is TLS.

They're in wide use because many people use mail servers from reliable 
third parties rather than using the mail services of the ISP they're 
connected to at any given moment. Users are becoming more mobile, and don't 
stand for reconfiguring their SMTP service each time they move. SUBMISSION 
with SMTP AUTH addresses that issue. TLS addresses encryption of the 
username/password exchange over POP and SMTP/SUBMISSION. TLS also secures 
email transactions from prying eyes on less secure networks (public 802.11b 
hot spots, cable modem networks, and so forth).


>The main holdup on TLS usage is that most admins don't enable it for
>_outbound_ mail server-server transfers. It's trivial to do this with
>sendmail and postfix and it doesn't have to be kept restricted to
>MUA-MTA sessions.

I'm seeing a growing percentage of email arriving with TLS as well. 
Encryption between MTAs may cause consternation for law enforcement as 
their carnivore-type monitoring systems will either have to record the 
encrypted stuff for later cracking, or actually come up with a better 
method for dealing with ISPs for wiretaps.



>The _main_ problem with PGP and GPG has been the patent and copyright
>issues, with the current owners refusing to develop things any further
>or opensource what's available. That leads to major legal issues if used
>in the major mail packages which I can understand most authors wanting
>to avoid.

The new PGP corporation (recently spun out of Network Associates) has said 
they'll open source their code. Will be interesting to see how that develops.


>AB

-----------------------------------------------------------------
Daniel Senie                                        [EMAIL PROTECTED]
Amaranth Networks Inc.                    http://www.amaranth.com
