A separate discussion over on coderpunks maybe helpful here. >To: Bill Stewart <[EMAIL PROTECTED]> >Cc: Bram Cohen <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >Subject: Re: encrypted mail standards >Date: Tue, 19 Dec 2000 23:34:55 -0800 >From: John Gilmore <[EMAIL PROTECTED]> > >> Bram - you can do encryption at the Mail Transfer Agent layer, >> like encrypting versions of SMTP, or in the mail header/body layer, >> >> I'm not sure where to find the standards for encrypting SMTP, >> but there are some; look around on sendmail.com. > >See RFC 2487, "SMTP Service Extension for Secure SMTP over TLS", which >adds the "STARTTLS" command and HELO extension option to the SMTP >specification. This permits two SMTP servers to negotiate to use TLS >(also known as SSL) encryption before sending email. > >There are ways to run POP or IMAP using TLS/SSL as well, but I don't >have the standards at my fingertips for this. > >> Also, John Gilmore may have funded some >> non-American developer to do an implementation. > >Nope; sendmail.com did an implementation and released it once the >export rules changed. It's in the current free sendmail release. > > John > > > Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639