Re: Securing Internet mail at the MTA level
SSH, while a quite useful tool, is not the right long-term solution for transport layer security - IP security is. It's also clear to me that for E-mail, you don't want transport level security for the system; you want "object" security, that is, digital signature and encryption of the mail message. That way, no matter how many MTAs the message passes through (and pretty much regardless of how trustworthy they are) you have end-to-end authentication, integrity and privacy. Erik Fair <fair@clock.org>
you really need both object and transport level security; the transport level stuff helps protect against traffic analysis; the real authentication and privacy coming from the object level stuff. Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet.........
While I agree in general, I think I'd rather see effort spent on getting everyone on message security first, and worry about traffic analysis later. My fear is that, having attempted (since it's unlikely we'll ever manage to get 100%) to secure the transport, people will stop worrying about message security, and let that slide. To put it another way, the first order of business is to prevent everyone from reading the mails. We can afford to worry about second order effects like traffic analysis after message security is well under way (say, 50% of all nominally private message traffic is encrypted). Or, put it yet another way: time for everyone to host a PGP key signing party for your friends, neighbors, and co-workers! Erik E. Fair fair@clock.org
"Erik E. Fair" writes:
SSH, while a quite useful tool, is not the right long-term solution for transport layer security - IP security is.
Agreed. (After all, I'm one of the creators of the spec, so how couldn't I agree :) However, SSH is a neat hack for today -- I use it for connecting over the net to machines where I can't hack the operating system but can drop SSH on. An SSH like interface (actually, Berkeley r-command like interface) will still be needed into the future, btw.
It's also clear to me that for E-mail, you don't want transport level security for the system; you want "object" security, that is, digital signature and encryption of the mail message.
Yup. This is a frequently missed point. Link security and object security have different uses at different times -- and people confuse them way too often. Perry
participants (3)
-
Erik E. Fair -
Perry E. Metzger -
Simon Spero