'Today' considers data retention and IMP
Ian Batten
ukcrypto at chiark.greenend.org.uk
Tue, 13 Jan 2009 12:41:44 +0000
On 12 Jan 09, at 1146, Chris Edwards wrote:
> On Mon, 12 Jan 2009, Igor Mozolevsky wrote:
>
> | 2009/1/11 Chris Edwards:
> |
> | > I see an increasing number of mail systems, including those
> operated by
> | > various UK Universities, that can now *only* be accessed by
> their users
> | > via the TLS versions of IMAP / SMTP / webmail.
> |
> | But these encrypted channels only go between the end user and the
> | server. SMTP-to-SMTP transactions are still done mainly in
> plaintext.
>
> Yep. Even with the user<->server IMAP+SMTP traffic encrypted, black
> boxes
> sitting on backbone links would typically see server<->server SMTP
> traffic
> in the clear.
Typically? I see more and more SMTP servers doing opportunistic TLS
these days. If you turn on TLS without worrying about certificates
being checked (which is after all dealing with a different risk) you'd
be surprised at how much TLS you end up doing to all sorts of people.
ian