mailing list archives
Re: sniffing plaintext protocols
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Fri, 11 Aug 2006 07:34:00 +0200
While this discussion doesn't quite seem to match the list subject, I
have something to say here.
On Thu, 2006-08-10 at 10:27 -0700, Gary E. Miller wrote:
How about pop3 and smtp? There is no secure alternative beside using pgp,
Most modern pop3 and imap clients and servers support TLS. That protentially
gives you a certificate protected channel between the client and server.
A nice setup is dovecot server and thunderbird client using all TLS.
This doesn't protect your mail at all if one of the mail servers
underway demands to receive the mail unencrypted, which a lot of mail
servers still do these days. Even worse, this gives anyone with the
desire to crack your local TLS certificate for pop3s/imaps a huge
opportunity for a known plaintext attack.
The only real way to secure the contents (not the sender and
receipient!) of your mail is to use PGP encryption on it. If you want to
hide the metadata (who sent mail to who and about what) as well, you'll
have to go for mixes, but they're pretty uneasy to get right...
Loesungen mit System
Tel:+41 61 333 80 33 Roeschenzerstrasse 9
Fax:+41 61 383 14 67 4153 Reinach BL
Web:www.sygroup.ch tonnerre.lombard () sygroup ch
Description: This is a digitally signed message part