crypto questions - encrypted mail standards

Greg Broiles gbroiles at netbox.com
Wed Dec 20 07:12:45 PST 2000


On Wed, Dec 20, 2000 at 01:41:07AM -0800, Bill Stewart wrote:
> 
> A separate discussion over on coderpunks may be helpful here.
> 
> >From: John Gilmore <gnu at toad.com>
> >
> >> Bram - you can do encryption at the Mail Transfer Agent layer,
> >> like encrypting versions of SMTP, or in the mail header/body layer,
> >>
> >> I'm not sure where to find the standards for encrypting SMTP,
> >> but there are some; look around on sendmail.com.
> >
> >See RFC 2487, "SMTP Service Extension for Secure SMTP over TLS", which
> >adds the "STARTTLS" command and HELO extension option to the SMTP
> >specification.  This permits two SMTP servers to negotiate to use TLS
> >(also known as SSL) encryption before sending email.

Eric Rescorla's new book, "SSL and TLS: Designing and Building Secure
Systems" includes two chapters which may be apropos - one which discusses
securing SMTP with SSL (including the limitations of that approach), and
one which discusses alternative means to reach a similar end, e.g., IPsec
or object encryption (where encrypted messages are sent over insecure
pipes).

It's also generally a very helpful book, and includes a much more
detailed discussion of the ephemeral DH modes than does the other
contender, "SSL and TLS Essentials: Securing the Web" (also useful)
by Stephen Thomas.

--
Greg Broiles gbroiles at netbox.com
PO Box 897
Oakland CA 94604




