Ian Grigg wrote:
Dave Howe wrote:
No - it means you might want to consider a system that guarantees
end-to-end encryption - not just "first link, then maybe if it feels
like it"
That doesn't mean TLS is worthless - on the contrary, it adds an
additional layer of both user authentication and sess
At 10:14 PM 5/30/2004, Peter Gutmann wrote:
The S/MIME list debated this some time ago, and decided (pretty much
unanimously) against it, for two reasosn. Firstly, because it adds huge ugly
blobs of base64 crap to each message (and before the ECC fans leap in here,
that still adds small ugly blobs
Dave Howe wrote:
Ian Grigg wrote:
Dave Howe wrote:
> TLS for SMTP is a nice, efficient way to encrypt the channel.
> However, it offers little or no assurance that your mail will
> *stay* encrypted all the way to the recipients.
That's correct. But, the goal is not to secure email to the extent
Ian Grigg wrote:
Dave Howe wrote:
> TLS for SMTP is a nice, efficient way to encrypt the channel.
> However, it offers little or no assurance that your mail will
> *stay* encrypted all the way to the recipients.
That's correct. But, the goal is not to secure email to the extent
that there is no
Dave Howe wrote:
Peter Gutmann wrote:
It *is* happening, only it's now called STARTTLS (and if certain vendors
(Micromumblemumble) didn't make it such a pain to set up certs for
their MTAs
but simply generated self-signed certs on install and turned it on by
default,
it'd be happening even more).
I see that you are not interested in discussing the relative merits of
STARTTLS vs. DomainKeys, but instead are just trying to push
STARTTLS. I hope that Perry will see through your sales job, and will
return your email to you, just as he will return this one to me.
-russ
[Moderator's note: No su
Peter Gutmann wrote:
The S/MIME list debated this some time ago, and decided (pretty much
unanimously) against it, for two reasosn. Firstly, because it adds huge ugly
blobs of base64 crap to each message (and before the ECC fans leap in here,
that still adds small ugly blobs of base64 crap to eac
Peter Gutmann wrote:
It *is* happening, only it's now called STARTTLS (and if certain vendors
(Micromumblemumble) didn't make it such a pain to set up certs for their MTAs
but simply generated self-signed certs on install and turned it on by default,
it'd be happening even more).
TLS for SMTP is a
Ed Gerck wrote:
No -- DomainKeys has nothingf to do with 'email cryptography'. They are
S/MIME and PGP/MIME.
I wouldn't say PGP/MIME (as opposed to pgp inline) was a widely enough
used standard to be considered one of two options - pgp (both methods)
certainly, but not pgp/mime exclusively.
Russell Nelson <[EMAIL PROTECTED]> writes:
>Peter Gutmann writes:
>> STARTTLS
>
>If Alice and Cathy both implement STARTTLS, and Beatty does not, and Beatty
>handles email which is ultimately sent to Cathy, then STARTTLS accomplishes
>nothing. If Uma and Wendy implement DomainKeys, and Violet does
Peter Gutmann writes:
> STARTTLS
If Alice and Cathy both implement STARTTLS, and Beatty does not, and
Beatty handles email which is ultimately sent to Cathy, then STARTTLS
accomplishes nothing. If Uma and Wendy implement DomainKeys, and
Violet does not, and Violet handles email which is ultimate
Russell Nelson <[EMAIL PROTECTED]> writes:
> > > It would be better if the solution does NOT need industry
> > > support at all, only user support. It should use what is already
> > > available.
>
>This is the point in the script at which I laugh at you, Ed. S/MIME and PGP
>have been available fo
Russell Nelson wrote:
> also sprach Ed Gerck <[EMAIL PROTECTED]> [2004.05.28.1853 +0200]:
> > It's "industry support". We know what it means: multiple,
> > conflicting approaches, slow, fragmented adoption --> will not
> > work.
In other words change. If you have any alternatives to chan
also sprach Russell Nelson <[EMAIL PROTECTED]> [2004.05.30.0515 +0200]:
> > - The infrastructure is not there. Two standards compete for
> > email cryptography, and both need an infrastructure to back
> > them up.
>
> Two standards? DomainKeys and what else?
I meant PGP and S/MIME
But
> also sprach Ed Gerck <[EMAIL PROTECTED]> [2004.05.28.1853 +0200]:
> > It's "industry support". We know what it means: multiple,
> > conflicting approaches, slow, fragmented adoption --> will not
> > work.
In other words change. If you have any alternatives to change,
please describe th
also sprach Ed Gerck <[EMAIL PROTECTED]> [2004.05.28.1853 +0200]:
> It's "industry support". We know what it means: multiple,
> conflicting approaches, slow, fragmented adoption --> will not
> work. It would be better if the solution does NOT need industry
> support at all, only user support. It sh
On Fri, May 28, 2004 at 03:20:52PM -0400, [EMAIL PROTECTED] wrote:
[...]
> How soon will the spammers get into the business of hosting free mailboxes
> for people who actually buy spamvertized products. Much easier to send the
> spam to their own users, let them indicate their preferences, set up
>
On Fri, 28 May 2004, Ed Gerck wrote:
> The main problem with this approach is revealed in a mind slip by Yahoo
> themselves at http://antispam.yahoo.com/domainkeys :
>
> For consumers, such as Yahoo! Mail users or a grandmother accessing email
> through a small mid-western ISP, industry suppor
On Thu, May 20, 2004 at 10:07:43AM -0400, R. A. Hettinga wrote:
yahoo draft internet standard for using DNS as a public key server
http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt
The main problem with this approach is revealed in a mind slip by Yahoo
themselves at http://ant
thats pretty much DNSSEC, now eleven years old.
or - presuming DNS is fine w/o integrity checks,
one should look at the rational for the creation
of the CERT (x509) resource record back in 1999
and documented in RFC 2538.
>
>
>
> yahoo draft internet sta
On Thu, May 20, 2004 at 10:07:43AM -0400, R. A. Hettinga wrote:
[...]
> yahoo draft internet standard for using DNS as a public key server
> http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt
This sounds quite a lot like the ideas outlined in a paper I
co-authored in 1995, pro
--- begin forwarded text
Date: Wed, 19 May 2004 21:26:31 -0600
From: [EMAIL PROTECTED]
Subject: Yahoo releases internet standard draft for using DNS as public key
server
To: [EMAIL PROTECTED]
List-Post: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://ls.fstc.org/subscribe>,
&l
22 matches
Mail list logo