Author: Jan-Peter Koopmann Date: To: Exim User's Mailing List Subject: RE: [exim] Securing Email for the prying eyes of any government
On Tuesday, January 11, 2005 9:06 PM Greg A. Woods wrote:
>> while part of me agrees this obviously leads to new problems.
>> Virus/Spam gateways would cease to function etc. And honestly I do
>> not like the idea of having just one line of defence on the
>> recipient PC when it comes to viruses...
>
> "new problems"?!?!?! I don't think so! They're already "old".
<irony> Oh really? I was not aware of that. Dumb little me... </irony>
Of course these problems have been foreseen by many of us. Still: If you try to solve the original privacy/secrecy problem by end-to-end encryption this leads you to a new (would followup be a better word) problem. That's all I meant.
> Virus and spam filtering gateways have had a clearly and
> obviously limited potential right from day one.
Correct. So does end-point security in the form of one virus scanner etc. on a users client (especially windows client). All I am saying is: Currently you cannot have both.
> Expect more, lots more, and with lots more variations.
We do which is why we usually do not accept password encrypted ZIPs etc.
> The only real solution to viruses and worms will be when the
> world finally wakes up and realizes that end-user system
> security is an absolute necessity, even when it gets in the
> way of simplicity and ease of use.
Again I tend to agree but it's not that simple (knowing your answer will be "yes it is"). But from my point of view a system must still be simple to use. You and I will get along with a more complicated system but most users are simply not capable. So either there is a solution which works automatically or one that is darn easy to use and does _not_ get in the way of simplicity and easy of use. Otherwise what will happen is that you will spend more time/money on secrecy etc. that you would loose if your data is snooped around in.
> Also note that for any real security/privacy needs there's
> _NEVER_ going to be any viable server-based solution unless
> we _all_ go back to logging into the server to read our mail
> like in the good old multi-user shared system days. For
> privacy to work the encryption _MUST_ be end-to-end -- there is no
> other way.
Sure there is. Depending on your/the customers need. If you trust your internal network/mail server there is no real problem. Moreover in many cases you do not want to allow real end-to-end user encryption. E.g. it would make stealing company secrets and sending them of to others to easy. Or the employer is fired and you need access to his data. I know about advanced decreption keys etc. but depending on your definition that again breaks total security.
> Maybe you need to read Bruce Schneier's "Secrets & Lies:
> Digital Security in a Networked World". (again if you
> already have :-) It's the best single intro to all these
> issues I know of.
Maybe you should get back to earth for a change? :-) I know the world is not perfect and as an IT consultant I am crying out loud each and every day when I see things our customers do and propose. Still, praying for a world-wide change in user behaviour is nothing I expect to aid here. You will barely be able to implement a "good" solution. Why not try to make things as good as possible in the first place? And securing your transport protocols from MTA to MTA is a good and easy start. Nothing more and nothing less.
