On Wed, Oct 29, 2003 at 11:28:08AM -0500, Sunder wrote:
> The biggest hurdle and the thing that will have the most effect is to have every MTA out there turn on Start TLS. It won't provide a big enhancement

For the record: it's unreasonably difficult (for a pedestrian sysadmin such as me) to set up StartTLS. Debian unstable ships with postfix-tls (albeit not installed as default), but apt-get install postfix-tls doesn't take care of the self-signed cert generation, and setting up /etc/postfix/main.cf for StartTLS support. It would be a most cypherpunkly undertaking to get that package to do that. (I have no idea how Debian packages work, unfortunately).

> in terms of security at the ISP level, but it will blind the global content search engines everywhere. Except, of course, at those ISPs already infected by carnivore boxes - which at least aren't allowed by law to capture all traffic, but I wouldn't put money that they'd follow it.
>
> So the first course of action is to convince MTA authors everywhere to enable and turn this on. Later, they could drop support for non-TLS traffic. It could also help against spamming somehow, as it will cost the spammer a few more CPU cycles. (But this will be a very weak deterrent against spam.)
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
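
Added example, not part of the original message or of any Debian package: the two steps the message says the postfix-tls install leaves undone, a self-signed certificate and the main.cf settings for opportunistic STARTTLS. The directory, the hostname and the use of current Postfix parameter names (rather than those of the 2003 postfix-tls patch) are assumptions.

```shell
#!/bin/sh
# Added example: opportunistic STARTTLS for Postfix with a self-signed cert.
# The directory and hostname passed in are assumptions; adjust to the host.

# Create a self-signed certificate and a passphrase-less private key.
# Postfix must be able to read the key unattended, so file permissions
# are the only protection: the subshell scopes a restrictive umask.
gen_selfsigned_cert() {
    dir=$1
    host=$2
    (
        umask 077
        mkdir -p "$dir" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    )
}

# Print the main.cf lines that turn STARTTLS on in both directions.
# "may" means: offer TLS to clients (smtpd_*) and use it towards other
# MTAs (smtp_*) when the peer supports it, otherwise fall back to plaintext.
starttls_maincf() {
    dir=$1
    host=$2
    cat <<EOF
smtpd_tls_cert_file = $dir/$host.crt
smtpd_tls_key_file = $dir/$host.key
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_tls_loglevel = 1
EOF
}

# Typical use, as root (hostname is a placeholder):
#   gen_selfsigned_cert /etc/postfix/tls mail.example.org
#   starttls_maincf /etc/postfix/tls mail.example.org >> /etc/postfix/main.cf
#   postfix reload
```

A self-signed certificate at level "may" encrypts the hop against passive capture only; the peer is not authenticated and a sender can still be forced back to plaintext, so the TLS lines logged at loglevel 1 are the place to confirm which sessions were actually encrypted.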