The Smith Report

[Ian BROWN]

>Consider how an ISP/ASP could offer a differentiated service by redirecting 
all
>SMTP through a virus scanner, which then offers a point for content 
monitoring.

One reason we should be telling users why such a "service" might have 
unintended consequences.

>I am gravely disturbed by the suggestion that we can afford to be smug about
>this issue because we are technically skilled, run a particular operating
>system, or for that matter, have a number of PGP keyrings, nym addresses, and
>run anonymous remailers in our spare time.

I was not intending to be smug, simply pointing out that if the (obvious) fact 
that SSL between sendmails leaves the end-points vulnerable concerns you, move 
the end-points.

Netscape 4 has an option to run SSL to an SMTP server. If it also allowed mail 
to be delivered direct to the recipient's server, it would remove one 
end-point. That certainly doesn't require a root password.

Ian.