Re[2]: [Exim] OT: TLS encryption strength

Top Page
Delete this message
Reply to this message
Author: Richard Welty
Date:  
To: exim-users
Subject: Re[2]: [Exim] OT: TLS encryption strength
On Sun, 09 Mar 2003 18:21:40 -0600 Hanasaki JiJi <hanasaki@???> wrote:

> PGP provides for public/private key encryption of the email contents,
> right? No support is needed from the SMTP server.


correct.

it provides:

end-to-end encryption
no special requirements for transport, ordinary SMTP will suffice
authentication of both end users

it does not provide:

guaranteed delivery
guaranteed non-delivery notification

which is to say that the message can disappear with little information
provided to the sender or the recipient.

> Are you refering to a pgp baased authentication for sending email?


no, i'm not aware of any system like this although they could exist.

> the id/pass sent to the smtp server should not be plain text; tls, or
> ssh tunneling, is the only thing I am aware of that addresses this topic.


smtp auth has some non-plaintext authentication methods that are
independent of tls and ssh tunneling.

they're not what i was refering to, though. the original writer was simply
asking about cipher security, and i suggested that the distinction between
RC4 and 3DES was not all that big a deal for a transient communication like
a single piece of email, despite the fact that 3DES is much stronger than
the deprecated (and vulnerable) RC4. i was simply suggesting that if
encryption of the mail was important, than PGP/GPG was preferable to
depending on the somewhat limited capabilities of SMTP over TLS.

richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security