'Today' considers data retention and IMP
Igor Mozolevsky
ukcrypto at chiark.greenend.org.uk
Mon, 12 Jan 2009 19:38:55 +0000
2009/1/12 Paul Jakma:
> On Mon, 12 Jan 2009, Igor Mozolevsky wrote:
>
>> But these encrypted channels only go between the end user and the server.
>> SMTP-to-SMTP transactions are still done mainly in plaintext.
>
> I don't know about proportion of transactions on the net, but several
> systems ship sendmail to do STARTTLS by default.
and in another message:
> If you want end-end security, you need to encrypt your message yourself.
Both methods are still susceptible to inference. In the first one, if,
say, every connection from smtp.your-isp.co.uk to smtp.evil-doer.org
was preceded only by you connecting to smtp.your-isp.co.uk, one could
infer that you were the cause of the connections to
smtp.evil-doer.org. In the second case, the message envelope is still
plaintext, so while the interceptors may not know the contents of the
message, they do know whom the message is going to, the subject line
and the size of the data you are sending.
--
Igor :-)
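
Added example, not part of the original post: a sketch of what stays readable on a plaintext SMTP hop when only the message body is PGP-encrypted, as the second case above describes. The addresses, subject and armored blob are constructed placeholders, and `observer_view` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of an SMTP DATA payload with a PGP-armored body.
# Every address, the subject and the ciphertext are placeholders.
RAW = (
    "From: alice@your-isp.example\r\n"
    "To: bob@evil-doer.example\r\n"
    "Cc: carol@evil-doer.example\r\n"
    "Subject: meeting on Thursday\r\n"
    "Date: Mon, 12 Jan 2009 19:38:55 +0000\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "-----BEGIN PGP MESSAGE-----\r\n"
    "\r\n"
    "PLACEHOLDERciphertextPLACEHOLDERciphertext\r\n"
    "-----END PGP MESSAGE-----\r\n"
)

def observer_view(raw, mail_from, rcpt_to):
    """Return what a passive observer of a plaintext SMTP hop can read.

    mail_from / rcpt_to stand for the MAIL FROM and RCPT TO commands,
    which travel outside the message and are never covered by PGP.
    """
    msg = message_from_string(raw)
    body = msg.get_payload()
    encrypted = body.lstrip().startswith("-----BEGIN PGP MESSAGE-----")
    header_rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "envelope_from": mail_from,
        "envelope_to": sorted(rcpt_to),
        "header_recipients": sorted(addr for _, addr in header_rcpts),
        "subject": msg["Subject"],
        "size_bytes": len(raw.encode("ascii")),  # ciphertext length still leaks
        "body_readable": not encrypted,
    }

if __name__ == "__main__":
    view = observer_view(
        RAW,
        "alice@your-isp.example",
        ["bob@evil-doer.example", "carol@evil-doer.example"],
    )
    for field, value in view.items():
        print(f"{field}: {value}")
```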