On Fri, Dec 28, 2001, Richard Welty wrote:
> On Fri, 28 Dec 2001 09:43:18 -0800 Claus Assmann <exim@???> wrote:
> no, you can't, because you can't guarantee that these boxes have not been
> compromised.

So? What's the difference between STARTTLS and S/MIME etc. in
this respect?

> i've done a lot of security work, and if there's one thing i
> will not do, it's make unrealistic claims about the security of any
> specific system.
>
> additionally, unless you are delivering directly to an IP address, i can
> attack DNS and alter MX records for the duration of my requirement.
You can alter those MX records as much as you like. My MTA won't
deliver to yours when I want to send mail to a friend because you
don't have his cert.
> moreover, your "real security" example suffers from the fact that it
> probably represents significantly less than 1% of the real use of the
> internet.
Your "real security" is barely better than mine... All you add is
encrypted storage on the recipient system (by default). Everything
else I can achieve too with STARTTLS _provided_ those boxes are
"single user".
Ok, this seems to be far enough "off topic", I guess we both
understand the (dis)advantages of MUA-to-MUA vs. MTA-to-MTA
security.