Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!linac!att!ucbvax!MIT.EDU!jis
From: jis@MIT.EDU (Jeffrey I. Schiller)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Are There Standards For Secure Mail Transfer Via SMTP?
Message-ID: <9102102022.AA26112@osiris.MIT.EDU>
Date: 10 Feb 91 20:22:42 GMT
References: <16381:Feb1015:07:5791@kramden.acf.nyu.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 33


   Date: 10 Feb 91 15:07:57 GMT
   From: kramden.acf.nyu.edu!brnstnd@nyu.edu  (Dan Bernstein)
   Organization: IR
   References: <1991Feb8.110317.3949@unipalm.uucp>, <1991Feb8.180500.11290@Solbourne.COM>, <1991Feb8.185044.22132@mp.cs.niu.edu>
   Sender: tcp-ip-relay@nic.ddn.mil

   ...

   Sure, RFC 931 isn't a panacea. But it does turn mail into a secure
   protocol, provided that TCP is made secure. Any university sysadmin
   knows that 99% of all sendmail forgers don't have any resources other
   than a telnet connection. Now we can close that hole for good.

I wouldn't go so far as to say it makes mail a "secure" protocol. Though
it does help. However for it to be really useful, all the mail relays
between sender and receiver need to implement it. This is not only
unlikely, but is also beyond the control of the individual sender and
receiver. Furthermore even if all the hosts on the Internet adopted it
tomorrow, you still need to trust the administrations of all the way
points your mail is relayed through. This doesn't lend itself well to
anything but the weakest definition of the term "authentication."

The Privacy Enhanced Mail RFCs (sorry to sound like a salesman myself
here!) define an end-to-end mechanism exactly so that sender and
recipient need have no trust in the intermediate mail relays (and no
requirements on the software that they run). This permits me for example
to route an encrypted, signed mail message to you via Iraq and the
Soviet Union and when you receive it (if you receive it, but that is a
different problem :-) ) know that only you can decrypt its contents and
also know that only I could have originated the message.

			-Jeff