On Sun, 09 Mar 2003 18:21:40 -0600 Hanasaki JiJi <hanasaki@???> wrote:
> PGP provides for public/private key encryption of the email contents,
> right? No support is needed from the SMTP server.
correct.
it provides:
end-to-end encryption
no special requirements for transport, ordinary SMTP will suffice
authentication of both end users
it does not provide:
guaranteed delivery
guaranteed non-delivery notification
which is to say that the message can disappear with little information
provided to the sender or the recipient.
> Are you refering to a pgp baased authentication for sending email?
no, i'm not aware of any system like this although they could exist.
> the id/pass sent to the smtp server should not be plain text; tls, or
> ssh tunneling, is the only thing I am aware of that addresses this topic.
smtp auth has some non-plaintext authentication methods that are
independent of tls and ssh tunneling.
they're not what i was refering to, though. the original writer was simply
asking about cipher security, and i suggested that the distinction between
RC4 and 3DES was not all that big a deal for a transient communication like
a single piece of email, despite the fact that 3DES is much stronger than
the deprecated (and vulnerable) RC4. i was simply suggesting that if
encryption of the mail was important, than PGP/GPG was preferable to
depending on the somewhat limited capabilities of SMTP over TLS.
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
