Author: Bill Hacker Date: To: exim Subject: Re: [exim] Securing Email for the prying eyes of any government
Matt wrote:
> Marc Perkel wrote:
>
>
>>So - who thinks this idea will/won't work? And if it won't work - why
>>not?
>
> Very few things are outside the reach of certain governments. It would
> need to be secured from pillar to post.
>
> Also, there is the basic concept that if someone can create something,
> someone else can break it. As always, you can make a task harder, but
> never impossible.
>
>
> Matt
>
'Why not' is not just the technology - it is the environment.
In most countries, laws require service providers to keep logs of *at
least* sender, recipient, subject, timestamps - for anywhere from 2
months to several years - and 'private' or in-house corporate services
(and/or their 'upstream' providers) are not necessarily exempt.
Many - perhaps most - of us here must operate under such regulations
(EU/EC, US, Canada, China, Japan, Singapore... I can't actually name one
that doesn't have such... not even the so-called 'offshore' specialists).
Best to run a standard e-mail service, leave message-content security to
'userland', and try not to take on dodgy clients either.
By injecting weird mail-server configurations into the environment, all
you are likely to accomplish is to attract attention to yourself and
irritate folks whose time would be better spent chasing them wot likes
to knock down buildings while people are still in them.
Whatever else you accomplish, secure communications will NOT be on the
list. Secure communications systems do not use smtp/POP/IMAP - or even,
necessarily, any network(s) or protocols you have ever heard of -
*anyway*.
I am not the 'hall monitor' - but there are lots of other places where
this subject is better discussed than here.
