consensus on pgp? can we consolidate for action?

Bill Stewart stewarts at ix.netcom.com
Fri Oct 17 02:30:04 PDT 1997



At 08:40 AM 10/16/1997 +0000, Attila T. Hun wrote:
>    I have not seen any further discussion on my suggestion to
>    create a sendmail type daemon which implements DH between
>    mail clients. This, of course, is on the presumption that DH 
>    is a wrapper for an already encrypted packet, 

DH between mail clients and servers is a really fine idea if you're
starting from scratch, but sendmail is such a wretched hive of
crime, corruption, and villainy that nobody in their right mind
really wants to mess with it.  You could implement it as a sendmail
extension using the EHLO stuff, but you'd have to go get people
to adopt it widely once you'd done it; I suppose if you could talk
Netscape and Eudora into adding DH exchange to their client code
and get it into a few popular servers, you'd have a large fraction 
of the Internet's email encrypted, which would be a Good Thing.
It'd still have some major traffic analysis issues,
and if you want to deal with the Man In The Middle problem,
you need a key distribution infrastructure, which is much harder.

An alternative approach is to encrypt everything using IPSEC,
and you don't have to mess with Sendmail, but there are
performance issues, and there's a lot of work getting it deployed also.
				Thanks!
					Bill
Bill Stewart, stewarts at ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
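
Added example, not part of the original message: a Python sketch of the point above that a bare DH exchange between mail client and server cannot by itself detect a key-substituting hop, and that checking the received public value against one obtained through an authenticated channel can. The modulus, generator, and all function names are assumptions chosen for illustration; no real mail software is modelled.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): 2**255 - 19 is prime, but it is
# not a standardized DH group; a real deployment would use a vetted group.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for one side of the exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Derive a symmetric key from the DH shared secret."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def fingerprint(pub):
    """Short digest of a public value, for comparison over a trusted channel."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def exchange(relay=None):
    """Run a client<->server DH exchange. If relay is a keypair, an
    intermediate hop substitutes its own public value in both directions."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    seen_by_client = relay[1] if relay else s_pub
    seen_by_server = relay[1] if relay else c_pub
    relay_keys = None
    if relay:
        # The hop ends up sharing one key with each end.
        relay_keys = (session_key(relay[0], c_pub), session_key(relay[0], s_pub))
    return {
        "client_key": session_key(c_priv, seen_by_client),
        "server_key": session_key(s_priv, seen_by_server),
        "client_sees_fp": fingerprint(seen_by_client),
        "server_real_fp": fingerprint(s_pub),
        "relay_keys": relay_keys,
    }

def peer_verified(result):
    """True only if the value the client received matches the server's real
    public value, as learned through authenticated key distribution."""
    return result["client_sees_fp"] == result["server_real_fp"]
```

Without the peer_verified check, both runs look identical to the client: it derives a key and encrypts. Only the fingerprint comparison, which depends on the key distribution infrastructure mentioned above, separates them.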







More information about the cypherpunks-legacy mailing list