at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> was seen to say:

> For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back).

I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the "home" machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. With TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain.

> For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not.

Signing has a limited application - I wouldn't use it routinely other than to establish an association (key-->poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. It is unusual for me to use a sig outside of encrypt+sign.

> If I don't know you, whether it's signed or not is irrelevant.

Depends on the definition of "know". If a poster had a regular habit of posting at least one signed message every week, and had never protested that the sigs were faked, then you could assume that the poster whose sig just cleared is the same as the poster who has been posting for that time period - mapping that to any real-world individual is more problematic, but mostly you don't need to. There are plenty of people I only know online from email exchanges, and in some cases am not even sure what sex they are :)
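The "single link of a transmission chain" point can be checked on a received message by reading its Received trace headers hop by hop. This is an added example, not part of the original message; the sample message and host names are constructed, and it assumes relays record TLS with the RFC 3848 `with` protocol types (ESMTPS and friends), which not every MTA does.

```python
import email
import re

# Constructed sample message (not from the original post): three relay hops,
# only the middle one recorded as TLS-protected.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id C3
\tfor <bob@example.net>; Tue, 1 Oct 2002 03:08:09 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net with ESMTPS id B2
\t(version=TLSv1 cipher=DES-CBC3-SHA);
\tTue, 1 Oct 2002 03:08:07 +0000
Received: from client.example.com (client.example.com [203.0.113.5])
\tby relay.example.org with SMTP id A1;
\tTue, 1 Oct 2002 03:08:05 +0000
From: alice@example.com
To: bob@example.net
Subject: constructed sample

body
"""

# RFC 3848 "with" protocol types that mean STARTTLS was used on that hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw):
    """Return [(from_host, by_host, protocol, tls_recorded)] in transit order."""
    msg = email.message_from_string(raw)
    out = []
    # Each relay prepends its header, so reverse for sender-to-recipient order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            proto = m.group(3).rstrip(";").upper()
            out.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return out

def unprotected(raw):
    """Hops with no TLS recorded: the links outside the sender's control."""
    return [(f, b) for f, b, _, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for f, b, p, tls in hops(SAMPLE):
        print(f"{f} -> {b}: {p} ({'TLS' if tls else 'no TLS recorded'})")
```

Received headers are written by each relay and are only as trustworthy as the relay that added them, so this shows what the chain claims, not proof of what happened on the wire.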