The problem Mr. Howe describes is fundamental, folks: encryption should be end-to-end even when the endpoints are functionaries in a company. Because not all employees are equal. So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. Link encryption is a good idea, but rarely sufficient. At 01:20 PM 10/1/02 +0100, David Howe wrote:
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> was seen to say:
For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See
I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the "home" machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain.