
At 08:40 AM 10/16/1997 +0000, Attila T. Hun wrote:
> I have not seen any further discussion on my suggestion to create a sendmail type daemon which implements DH between mail clients. This, of course, is on the presumption that DH is a wrapper for an already encrypted packet,

DH between mail clients and servers is a really fine idea if you're starting from scratch, but sendmail is such a wretched hive of crime, corruption, and villainy that nobody in their right mind really wants to mess with it. You could implement it as a sendmail extension using the EHLO stuff, but you'd have to go get people to adopt it widely once you'd done it; I suppose if you could talk Netscape and Eudora into adding DH exchange to their client code and get it into a few popular servers, you'd have a large fraction of the Internet's email encrypted, which would be a Good Thing.

It'd still have some major traffic analysis issues, and if you want to deal with the Man In The Middle problem, you need a key distribution infrastructure, which is much harder.

An alternative approach is to encrypt everything using IPSEC, and you don't have to mess with Sendmail, but there are performance issues, and there's a lot of work getting it deployed also.

Thanks!
Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
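
The point in the reply above about the Man In The Middle problem, as an added example that is not part of the original message: an unauthenticated DH exchange completes without error even when a relaying hop swaps in its own public value, and only a fingerprint obtained through some key distribution channel lets the client notice. Everything here is an assumption made for illustration: the toy 127-bit group, the function names, and the pinned fingerprint standing in for a key distribution infrastructure.

```python
import hashlib
import secrets

# Toy group, for illustration only: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Hash the DH shared secret into a 32-byte session key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def fingerprint(pub):
    """Short digest of a public value, the thing a key distribution system would vouch for."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def exchange(client, server, relay=None, pinned=None):
    """Run one exchange; each party is a (priv, pub) pair.

    relay, if given, is a hop that replaces both public values with its own.
    pinned, if given, is the server fingerprint the client learned out of band.
    Returns (client_key, server_key); raises ValueError when the pin check fails.
    """
    seen_by_client, seen_by_server = server[1], client[1]
    if relay is not None:
        seen_by_client = seen_by_server = relay[1]
    if pinned is not None and fingerprint(seen_by_client) != pinned:
        raise ValueError("server DH value does not match the pinned fingerprint")
    return session_key(client[0], seen_by_client), session_key(server[0], seen_by_server)

if __name__ == "__main__":
    client, server, relay = keypair(), keypair(), keypair()
    print("direct, keys match:", len(set(exchange(client, server))) == 1)
    ck, sk = exchange(client, server, relay=relay)
    print("relayed, no pin: keys match:", ck == sk,
          "| relay holds client key:", ck == session_key(relay[0], client[1]))
    try:
        exchange(client, server, relay=relay, pinned=fingerprint(server[1]))
    except ValueError as err:
        print("relayed, pinned:", err)
```
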