Hi Tonnerre, 

> From a cryptographical point of view, this would be a dangerous setup.
> You're transmitting the same message encrypted (local MX <-> Client)
> as well as unencrypted (sending MX <-> local MX). This leaves you
> open to a known plaintext attack against your server's private key,
> because it gives you an opportunity to gain more and more information
> about the key in use, and all you have to do is send regular-looking
> SPAM to the user.

What kind of explanation is this? 
If the local MX is relaying the message it will add Received headers
which will modify the message, thus starting a known plaintext attack
on that communication is an adventurous thing.
And you still have to intercept both communications. And even then,
given timestamps and nonces I guess you're heading nowhere...

But basically what you say is that every website that is available
through HTTP and HTTPS is subject to an attack against its private key.


We offer STARTTLS over SMTP and SMTP over SSL for our customers that
want to relay their mail over our mailservers (with authentication). 
We also offer POP3 over SSL and Webmail over HTTPS in order to protect
the passwords of our customers.
We recommend everyone to use it but we can't force it. 


Regards. 
Jean-Pierre


-- 
HILOTEC Engineering + Consulting AG
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
