'Today' considers data retention and IMP
Paul Jakma
ukcrypto at chiark.greenend.org.uk
Wed, 14 Jan 2009 01:00:22 +0000 (GMT)
On Mon, 12 Jan 2009, Igor Mozolevsky wrote:
> Both methods are still susceptible to inference. In the first one,
> if, say, every time smtp.your-isp.co.uk connected to
> smtp.evil-doer.org was preceded only by you connecting to
> smtp.your-isp.co.uk one could infer that you were the cause of the
> connections to smtp.evil-doer.org.
Your-ISP.co.uk will be logging details of the message, and will
(without question) co-operate with LEAs under RIPA if asked. So
whether Your-ISP.co.uk uses TLS on MTA-MTA connections or not is
quite irrelevant, if we're worried about spying by a police-state at
least.
> In the second case, message envelope is still plaintext, so while
> the interceptors may not know the contents of the message, they do
> know whom the message is going to, the subject line and the size of
> data you are sending.
That could be a problem for anyone smart enough to encrypt the body
but stupid enough to incriminate themselves in the Subject, yes. :)
(Pedantry: The subject is not part of the envelope..)
The inter-communication information does get leaked, yes. That should
be less sensitive than the actual content of messages though. I guess
there are ways to obscure it too, but I don't know.
regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
Fortune:
No matter where I go, the place is always called "here".