"If you DON'T use encryption, you help the terrorists win"

Sunder sunder at sunder.net
Wed Oct 29 10:50:37 PST 2003


The push to do that should be aimed at the MTA authors and package
organizers.  If you can get it turned on by default, you're halfway
there.  Last time I tried to fuck with this on qmail, I had to patch qmail
to support it.  Not something I'd like to do again - hopefully it's
changed a bit.  

From 1st hand experience - it is indeed a pain in the ass.

But if you can get the big projects to turn it on by default for all/most
of the MTAs, then you can push the bigger fish to do so as well.  I'd
start with OpenBSD - they're likely to be friendlier to the idea.  Then
you can push FreeBSD, NetBSD, RedHat Linux, Mandrake, and so on...  Then
the MTA authors, then Solaris (which seems to be bent on copying whatever
Linux does) and so on....

Strangely enough, I recall that of all the entities out there, MSFT had
implemented some sort of secure SMTP in some version of IIS.. like
4.0...  Not sure about Exchange and its ilk...


----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.        \|/
 + v + :           The look on Sadam's face - priceless!       
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Wed, 29 Oct 2003, Eugen Leitl wrote:

> On Wed, Oct 29, 2003 at 11:28:08AM -0500, Sunder wrote:
> > The biggest hurdle and the thing that will have the most effect is to have
> > every MTA out there turn on Start TLS.  It won't provide a big enhancement
> 
> For the record: it's unreasonably difficult (for a pedestrian
> sysadmin such as me) to set up StartTLS. Debian unstable ships
> with postfix-tls (albeit not installed as default), but apt-get install
> postfix-tls
> doesn't take care of the self-signed cert generation, and setting up
> /etc/postfix/main.cf for StartTLS support.
> 
> It would be a most cypherpunkly undertaking to get that package to do that.
> (I have no idea how Debian packages work, unfortunately).




