Author: Walt Reed
Date:
To: Exim Mailing List
Subject: Re: [exim] host use tsl on port 25?

On Tue, Jan 23, 2007 at 01:47:07PM -0500, Dean Brooks said:
> On Tue, Jan 23, 2007 at 01:07:58PM -0500, Walt Reed wrote:
> > On Tue, Jan 23, 2007 at 12:54:54PM -0500, Dean Brooks said:
> > >
> > > Not sure why they would be advertising TLS to the outside world without
> > > some sort of auth first
> >
> > Maybe to provide at least some level of privacy in case there are
> > sniffers in between (such as various three-lettered agencies...)
>
> There is no guarantee of privacy as you never know what will happen
> to the message following its delivery.

Which is why my statement was qualified with "at least some level" and
not worded as "guaranteed level". Some is better than none IMHO, and
requires zero user training to achieve (unlike traditional email crypto
such as S/MIME or PGP.)

> As far as overhead, TLS can add a significant load on high-volume servers
> in our experience.

Again, this is why I had qualified my statement to specifying a
"moderate" level of traffic. Obviously if you are running your servers
nailed to the wall (barely keeping up with normal levels of traffic,)
any little thing you do that extends transaction times or increases
system load in the slightest way will have a major impact. I would also
expect that any organization running servers at that level already has
plans to resolve that problem (or is on the verge of bankruptcy.)

I would strongly suspect that the OP doesn't have that particular
problem however.

I choose my words carefully to avoid this kind of discussion, but it's
inevitable I suppose...