On Wed, Aug 28, 2002 at 03:26:47PM +1200, Peter Gutmann wrote:
Eugen Leitl <eugen@leitl.org> writes:
(actually, I wrote:)
It's relatively easy to turn on TLS in sendmail. It's not secure against active attackers that can modify the data in the TCP stream but it's better than nothing.
Actually it's better than any other mail security out there. See the slides for my talk at Usenix Security (http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf) for more details (the StartTLS stuff is about halfway through).
It depends on how you define "better". STARTTLS is defeated by Norton AV (silently!) and probably other programs... if not now, then soon. Mail is rarely stolen when in transit, it's much easier to steal it from the destination spool, and STARTTLS does nothing to protect stored mail. The authentication option is only used to authenticate roaming SMTP clients, and probably not often even then since distributing client certificates is hard and too many IT folks still think encrypted == secure. If you define "better" as "more secure", or even "secure against most classes of attackers", it's not better, it's a waste of CPU time. But if you define "better" as "secure against passive eavesdroppers" or as "increases the use of crypto", then it's better. What's needed is something that IS better for both definitions and is as easy to set up as STARTTLS... same thing that's been needed for the last 10 years. Eric