A separate discussion over on coderpunks maybe helpful here.
To: Bill Stewart <bill.stewart@pobox.com> Cc: Bram Cohen <bram@gawth.com>, gnu@toad.com Subject: Re: encrypted mail standards Date: Tue, 19 Dec 2000 23:34:55 -0800 From: John Gilmore <gnu@toad.com>
Bram - you can do encryption at the Mail Transfer Agent layer, like encrypting versions of SMTP, or in the mail header/body layer,
I'm not sure where to find the standards for encrypting SMTP, but there are some; look around on sendmail.com.
See RFC 2487, "SMTP Service Extension for Secure SMTP over TLS", which adds the "STARTTLS" command and HELO extension option to the SMTP specification. This permits two SMTP servers to negotiate to use TLS (also known as SSL) encryption before sending email.
There are ways to run POP or IMAP using TLS/SSL as well, but I don't have the standards at my fingertips for this.
Also, John Gilmore may have funded some non-American developer to do an implementation.
Nope; sendmail.com did an implementation and released it once the export rules changed. It's in the current free sendmail release.
John
Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639