The push to do that should be aimed at the MTA authors and package organizers. If you can get it turned on by default, you're half way there. Last time I tried to fuck with this on qmail, I had to patch qmail to support it. Not something I'd like to do again - hopefully it's changed a bit.
From 1st hand experience - it is indeed a pain in the ass.
But if you can get the big projects to turn it on by default for all/most of the MTAs, then you can push the bigger fish to do so as well. I'd start with OpenBSD - they're likely to be friendlier to the idea. Then you can push FreeBSD, NetBSD, RedHat Linux, Mandrake, and so on... Then the MTA authors, then Solaris (which seems to be bent on copying whatever Linux does) and so on.... Strangely enough, I recall that of all the entities out there, MSFT had implemented some sort of secure SMTP in some version of IIS.. like 4.0... Not sure about Exchange and its ilk...

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.        \|/
 + v + :           The look on Sadam's face - priceless!
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------

On Wed, 29 Oct 2003, Eugen Leitl wrote:
On Wed, Oct 29, 2003 at 11:28:08AM -0500, Sunder wrote:
The biggest hurdle and the thing that will have the most effect is to have every MTA out there turn on Start TLS. It won't provide a big enhancement
For the record: it's unreasonably difficult (for a pedestrian sysadmin such as me) to set up StartTLS. Debian unstable ships with postfix-tls (albeit not installed as default), but apt-get install postfix-tls doesn't take care of the self-signed cert generation, and setting up /etc/postfix/main.cf for StartTLS support.
It would be a most cypherpunkly undertaking to get that package to do that. (I have no idea how Debian packages work, unfortunately).
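
The two steps the quoted message says the postfix-tls package leaves to the administrator (self-signed certificate generation and the main.cf settings), as an added example that is not part of the original thread. The directory /etc/postfix/tls, the file names and the host name mail.example.org are assumptions; the parameter names are those of current Postfix releases.

```shell
#!/bin/sh
# Added example: self-signed certificate plus main.cf fragment for
# opportunistic STARTTLS in Postfix. Paths and host name are assumptions.
# A self-signed certificate encrypts the session against passive
# interception; remote peers have no way to authenticate it.

# gen_selfsigned_cert DIR HOSTNAME [DAYS]
# Writes DIR/smtpd.key (owner-only) and DIR/smtpd.crt.
gen_selfsigned_cert() {
    dir=$1; host=$2; days=${3:-365}
    mkdir -p "$dir" || return 1
    # Create the key under a restrictive umask so it is never world-readable.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes \
            -keyout "$dir/smtpd.key" -out "$dir/smtpd.crt" \
            -days "$days" -subj "/CN=$host" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/smtpd.crt"
}

# tls_main_cf DIR
# Prints the main.cf lines that point Postfix at the files above.
tls_main_cf() {
    dir=$1
    cat <<EOF
# Server side: offer STARTTLS to connecting MTAs, do not require it.
smtpd_tls_cert_file = $dir/smtpd.crt
smtpd_tls_key_file = $dir/smtpd.key
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
# Client side: use STARTTLS whenever the remote MTA offers it.
smtp_tls_security_level = may
EOF
}

# Stand-alone use (as root): sh starttls-setup.sh --apply mail.example.org
if [ "${1:-}" = "--apply" ]; then
    host=${2:?hostname required}
    gen_selfsigned_cert /etc/postfix/tls "$host" || exit 1
    tls_main_cf /etc/postfix/tls >> /etc/postfix/main.cf
    postfix reload
fi
```

With the security level set to `may`, a peer that does not offer or request STARTTLS is still served in plaintext, so mail delivery is not broken by enabling it.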