Agreed. Which is why I pointed out that the encryption taking place under-the-hood tends to be a reasonable defense against a passive or less-resourced attacker while being frequently unsuitable against the
Whoever taps SMTP/POP3 bitstreams is hardly less-resourced. The only adversary you need to worry about is the resourceful one.
decision. But that does not mean that no security benefits are to be had from opportunistic encryption of Internet traffic.
Any massive deployment of crypto is subvertible. I see no way around it - it's like microsoft windows' vulnerabilities. To be safe, crypto needs to be diverse, custom-made and manual. The brain cycles you spend when encrypting are the only real defense.
friend's nor my ISP to have ready access to the cleartext of that email. Fortunately, we had encrypted SMTP connections end-to-end, thus protecting the contents of the email from the ISP's, albeit perhaps not from the NSA.
Very few run their own SMTP. Your own SMTP on your own box is not much different from PGP eudora plug-in autoencrypting. But you cannot use this argument to preach benefits of under-the-hood crypto - when almost all internet mail traffic uses ISP-owned SMTP servers.
noticed that a good majority of the P2P efforts introduced at CODECON all included support for encryption as part of the protocol. The various
I predict that first attempt to apply this on the gnutella/morpheus/kazaa/napster scale will lead to clampdown. Which is the reason that no one did it. We don't want osama sending orders that way. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com