From: Eugen Leitl (eugen@leitl.org)
Date: Fri Oct 18 2002 - 05:26:29 MDT

On Fri, 18 Oct 2002, Emlyn O'regan wrote:
> (I just read Cryptonomicon for the first time; can't shake the
> paranoia about communicating in the clear!)

This very message gets amplified by two to three orders of magnitude, and
goes fanned out all over the world. It is not paranoia to assume that a
fair fraction if not all of them make a passage through an ASIC bank
somewhere, or past a racked box with a NIC switched to promiscuous mode.
In fact it's pure prudence to assume this is happening.

Now, can you do something about it? Of course. There's a thing called
STARTTLS (RFC 2487), which is available in the form of patches for all
mainstream MTAs (sendmail, qmail, postfix, exim). In fact, the author of
qmail is taking the matter to court next week, I believe, intending to
make STARTTLS default in qmail (can be wrong about this, though). On the
last leg of the journey there's IMAP/SSL and POP/SSL, supported by most
email clients. Purists can just ssh to a *nix account (unfortunately, I
can't run an MTA reliably from a largely blackholed dialup IP pool), and
use a MUA reading directly from the mailspool.

This is still not bulletproof, since you can MITM attack the public key
exchange, but there are measures against that (a few admin vigilantes
verifying the fingerprint via voice, caching of certs and
cross-correlation of (IP, cert) tuples across many machines, raising alarm
when a cert has changed, etc.), and we're clearly decades away from the
capability of blanket MITM. Basically, this mode of attack is currently
completely theoretical, and we should rather work on protecting the bulk of
all email traffic (instead of a small fraction as it is happening
currently) against blanket snoopery.
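
Added example, not part of the original message: a minimal Python sketch of the cert caching and (IP, cert) cross-correlation idea mentioned above. The class and function names, the observer names, the 192.0.2.25 address and the certificate bytes are all constructed for illustration; in practice the DER bytes would come from the TLS session after STARTTLS.

```python
import hashlib
from collections import Counter, defaultdict

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()

class CertCache:
    """Per-machine cache: remember the first cert seen for each IP (hypothetical helper)."""
    def __init__(self):
        self.pins = {}

    def observe(self, ip: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        if ip not in self.pins:
            self.pins[ip] = fp          # first contact: cache it
            return "new"
        # A change is an alarm, not proof: it may be a legitimate key rotation.
        return "match" if self.pins[ip] == fp else "changed"

def correlate(reports):
    """Cross-correlate (observer, ip, fingerprint) tuples from many machines.

    Returns {ip: [observers whose view differs from the majority]}.
    If every machine sees the same new cert, nothing is flagged (likely a
    rotation); a lone dissenting view points at that observer's network path.
    """
    by_ip = defaultdict(dict)
    for observer, ip, fp in reports:
        by_ip[ip][observer] = fp
    outliers = {}
    for ip, seen in by_ip.items():
        ranked = Counter(seen.values()).most_common()
        if len(ranked) == 1:
            continue                    # all observers agree
        if ranked[0][1] == ranked[1][1]:
            outliers[ip] = sorted(seen) # no clear majority: flag everyone
        else:
            outliers[ip] = sorted(o for o, fp in seen.items() if fp != ranked[0][0])
    return outliers

def demo():
    # Constructed sample data: two stand-in "certificates" and three observers.
    good, other = b"constructed cert A", b"constructed cert B"
    cache = CertCache()
    states = [cache.observe("192.0.2.25", c) for c in (good, good, other)]
    reports = [("mx-a", "192.0.2.25", fingerprint(good)),
               ("mx-b", "192.0.2.25", fingerprint(good)),
               ("mx-c", "192.0.2.25", fingerprint(other))]
    return states, correlate(reports)
```
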