Re: [Exim] TLS Problem

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Claus Assmann
Datum:  
To: exim-users
Betreff: Re: [Exim] TLS Problem
On Fri, Dec 28, 2001, Richard Welty wrote:
> On Fri, 28 Dec 2001 09:43:18 -0800 Claus Assmann <exim@???> wrote:


> no, you can't, because you can't guarantee that these boxes have not been
> compromised. i've done a lot of security work, and if there's one thing i


So? What's the difference between STARTTLS and S/MIME etc in
this respect?

> will not do, it's make unrealistic claims about the security of any
> specific system.
>
> additionally, unless you are delivering directly to an IP address, i can
> attack DNS and alter MX records for the duration of my requirement.


You can alter those MX records as much as you like. My MTA won't
deliver to yours when I want to send mail to a friend because you
don't have his cert.

> moreover, your "real security" example suffers from the fact that it
> probably represents significantly less than 1% of the real use of the
> internet.


Your "real security" is barely better than mine... All you add is
encrypted storage on the recipient system (by default). Everything
else I can achieve too with STARTTLS _provided_ those boxes are
"single user".

Ok, this seems to be far enough "off topic", I guess we both
understand the (dis)advantages of MUA-to-MUA vs. MTA-to-MTA
security.