What email encryption is actually in use?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Oct 1 19:13:39 PDT 2002


"David Howe" <DaveHowe at gmx.co.uk> writes:

>at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann
><pgut001 at cs.auckland.ac.nz> was seen to say:
>>For encryption, STARTTLS, which protects more mail than all other
>>email encryption technology combined.  See
>>http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf
>>(towards the back).
>I would dispute that - not that it isn't used and useful, but unless you are
>handing off directly to the "home" machine of the end user (or his direct
>spool) odds are good that the packet will be sent unencrypted somewhere along
>its journey. With TLS you are basically protecting a single link of a
>transmission chain, with no control over the rest of the chain.

As opposed to more conventional encryption, where you're protecting nothing at
any point along the chain, because 99.99% of the user base can't/won't use it.
In any case most email is point-to-point, which means you are protecting the
entire chain (that is, if I send you mail it may go through a few internal
machines here or there, but once it hits the WAN it's straight from my gateway
to yours).

Peter.
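
The per-hop question debated above can be checked on a delivered message by reading its Received: trace. The following is an added example, not part of the original post: the sample message, hostnames and addresses are constructed, and it assumes the receiving servers record the RFC 3848 "with" keywords (ESMTPS and relatives) when a hop used STARTTLS.

```python
import re
from email import message_from_string

# Constructed sample message; every hostname and address is a placeholder.
SAMPLE = """\
Received: from gw.example.org (gw.example.org [192.0.2.10])
\tby mx.example.net with ESMTPS id abc123
\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
\tMon, 01 Jan 2024 10:00:06 +0000
Received: from mail.internal.example.org (mail.internal.example.org [10.0.0.5])
\tby gw.example.org with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from desktop.internal.example.org ([10.0.0.77])
\tby mail.internal.example.org with SMTP id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: sender@example.org
To: rcpt@example.net
Subject: test

body
"""

# "with" protocol keywords that mean the hop ran over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)")

def hops(raw):
    """Return (sender, receiver, protocol, tls_used) per hop, oldest first."""
    msg = message_from_string(raw)
    result = []
    # Each server prepends its header, so reverse for chronological order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        m = HOP_RE.match(flat)
        if m is None:
            continue  # no from/by/with clause to classify; skip it
        proto = m.group("proto").upper()
        result.append((m.group("src"), m.group("dst"), proto,
                       proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw):
    """Hops whose Received header does not claim TLS."""
    return [(src, dst) for src, dst, _, tls in hops(raw) if not tls]
```

A Received line is only as reliable as the server that wrote it, so treat the headers added by your own gateway as evidence and earlier ones as claims.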




