On Fri, 28 Dec 2001 09:43:18 -0800 Claus Assmann <exim@???> wrote:
> On Fri, Dec 28, 2001, Richard Welty wrote:
> > the concern, i think, is that the naive will confuse SMTP over TLS with
> > real security, which it is not. SMTP over TLS cannot be real security
>
> What is "real security"?

in my world (which, from the rest of your posting, is not really congruent
with your world), real security has the following properties:

1) end to end (in email, this means MUA to MUA)
2) authenticated (both receiver and sender, preferably, and i mean
   receiver at the MUA and sender at the MUA.)
3) has data integrity (all data is received, no extraneous data is
   inserted.)
4) where necessary, securely encrypted
5) guaranteed delivery or notification of non-delivery

> I can easily achieve "real security" by just using STARTTLS.
> Example: two boxes controlled by two persons (they are the only
> ones who have root on their machines). The MTA checks the certs
> and the mail goes only encrypted (and authenticated) over the wire.

no, you can't, because you can't guarantee that these boxes have not been
compromised. i've done a lot of security work, and if there's one thing i
will not do, it's make unrealistic claims about the security of any
specific system.

additionally, unless you are delivering directly to an IP address, i can
attack DNS and alter MX records for the duration of my requirement.

moreover, your "real security" example suffers from the fact that it
probably represents significantly less than 1% of the real use of the
internet.

PGP-GPG-S/MIME which i brought up earlier suffer their own limitations, in
particular, delivery guarantees are hard to do in SMTP.

richard
--
Richard Welty
rwelty@??? Averill Park Networking
rwelty@??? Unix, Linux, IP Network Engineering, Security
rwelty@??? 518-573-7592
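
Added example, not part of the original message or of any MTA's code: it contrasts checking the STARTTLS peer certificate against the name an unauthenticated MX lookup returned with checking it against MX names pinned in local configuration, which is the distinction behind the altered-MX objection above. All hostnames and the PINNED_MX policy are constructed, and chain validation to a trusted CA is assumed to have already succeeded in every scenario.

```python
# Added example; every hostname below is constructed for illustration.

def name_matches(pattern, host):
    """Exact match, or a '*.' pattern covering exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def cert_covers(cert_sans, host):
    """True if any subjectAltName DNS entry in the certificate covers host."""
    return any(name_matches(san, host) for san in cert_sans)

def check_against_dns_mx(mx_host, cert_sans):
    """Reference identity is the name the unauthenticated MX lookup returned."""
    return cert_covers(cert_sans, mx_host)

def check_against_pinned(mx_host, cert_sans, pinned_mx):
    """Reference identity comes from local configuration, not from DNS."""
    if not any(name_matches(p, mx_host) for p in pinned_mx):
        return False  # DNS handed us an MX name we never agreed to use
    return cert_covers(cert_sans, mx_host)

# Hypothetical local policy for recipient domain example.org.
PINNED_MX = ["mx1.example.org", "*.mx.example.org"]

# label -> (MX name returned by DNS, DNS names in the presented certificate)
SCENARIOS = {
    "genuine MX": ("mx1.example.org", ["mx1.example.org"]),
    "altered MX": ("mail.other.example", ["mail.other.example"]),
    "pinned name, wrong cert": ("mx1.example.org", ["mail.other.example"]),
}

def run_scenarios():
    """Return {label: (accepted by DNS-derived check, accepted by pinned check)}."""
    return {
        label: (check_against_dns_mx(mx, sans),
                check_against_pinned(mx, sans, PINNED_MX))
        for label, (mx, sans) in SCENARIOS.items()
    }

if __name__ == "__main__":
    for label, (dns_ok, pinned_ok) in run_scenarios().items():
        print(f"{label:25} dns-derived={dns_ok!s:5} pinned={pinned_ok}")
```

The altered-MX row is the one to read: a certificate that is perfectly valid for the substituted name passes the DNS-derived check and fails only the pinned one.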