[Mimedefang] FTC asks ISPs to crack down on zombie PCs
Josh Kelley
josh at jbc.edu
Thu May 26 16:22:33 EDT 2005
James Ebright wrote:
>On Thu, 26 May 2005 15:20:33 -0400, WBrown wrote
>
>>Ummm wouldn't TLS only encrypt the traffic between the two servers
>>involved at the moment, i.e., your mail server and theirs as you relay
>>through it? Encrypting the contents of the message would keep it out
>>of their hands.
>>
>It encrypts the transmission of the message(s) from MUA through to Final
>Delivery MTA, assuming every MTA in the middle can handle TLS; once a non-TLS
>MTA is hit, from there on it is regular ole plain text.
>
Sorry, I don't think this is correct:

My MUA doesn't know the final delivery MTA, so it can't encrypt a
message for viewing by the final delivery MTA only. Instead, it uses
TLS to encrypt the entire SMTP conversation with my local MTA. My local
MTA then takes the plaintext message and passes it on to the next MTA in
the delivery chain. If the next MTA supports TLS, then the message is
re-encrypted, passed across the wire as part of an encrypted SMTP
conversation, and again decrypted by the next MTA. And so on to the
final location. TLS encrypts traffic across the wire, but each MTA in
the chain sees the message.

Like WBrown said, if you don't want ISPs reading your mail, encrypt the
messages, don't rely on TLS.

This is at least my understanding. If I'm missing something, please let
me know.

Josh Kelley
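
Added example, not part of the original post: the hop-by-hop behaviour described above can be checked on a delivered message by reading its Received headers, where each receiving MTA records the protocol it accepted the message over. The sketch assumes the MTAs use the RFC 3848 "with" keywords (ESMTPS, ESMTPSA, LMTPS, LMTPSA); the sample message, hostnames and function names are constructed for illustration.

```python
import email
import re

# Constructed sample: hostnames, IDs and addresses are made up for illustration.
SAMPLE = """\
Received: from mx.final.example (mx.final.example [192.0.2.30])
\tby mailstore.final.example with LMTP; Thu, 26 May 2005 16:22:40 -0400
Received: from relay.isp.example (relay.isp.example [192.0.2.20])
\tby mx.final.example with ESMTP id ccc333; Thu, 26 May 2005 16:22:38 -0400
Received: from mail.local.example (mail.local.example [192.0.2.10])
\tby relay.isp.example with ESMTPS id bbb222; Thu, 26 May 2005 16:22:36 -0400
Received: from laptop (laptop.local.example [192.0.2.5])
\tby mail.local.example with ESMTPSA id aaa111; Thu, 26 May 2005 16:22:33 -0400
From: sender@local.example
To: rcpt@final.example
Subject: test

body
"""

# "with" keywords that indicate TLS on that hop (RFC 3848 registry names).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}


def _field(keyword, header):
    """Return the token following 'from', 'by' or 'with', or None."""
    m = re.search(r"\b%s\s+([A-Za-z0-9._-]+)" % keyword, header)
    return m.group(1) if m else None


def hops(raw_message):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = email.message_from_string(raw_message)
    result = []
    # Each MTA prepends its own header, so reverse to get delivery order.
    # Headers written before the first MTA you trust can be forged.
    for raw in reversed(msg.get_all("Received", [])):
        header = " ".join(raw.split())  # unfold continuation lines
        proto = (_field("with", header) or "unknown").upper()
        result.append((_field("from", header), _field("by", header),
                       proto, proto in TLS_PROTOCOLS))
    return result


def plaintext_hops(raw_message):
    """Hops whose receiving MTA did not record a TLS-protected session."""
    return [h for h in hops(raw_message) if not h[3]]


if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS'})")
```

Even on the hops reported as TLS, the receiving MTA held the message in plaintext in order to write that header and relay it onward.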