On Fri, Feb 06, 2004 at 07:37:55PM +1000, Ian Peter wrote:
Is that really a matter of the "email" mechanism or just of the
I think it needs to be addressed by the "email" mechanism, because if
the medium is unsecure, unreliable, untrustworthy, can make false
address claims, or be redirected to somewhere I don't intend it to go
(to give a few examples) email cannot be readily used for secure
You should urgently distinguish between the several layers of
communication. I usually use a layer model quite similar to the
ISO layer model, but mapped to TCP/IP services, where every layer
can have it's own security mechanism, e.g. for e-mail:
1 Physical Physical Protection
2 Data Link Switch/Media encryption
3 Network IPv4/v6 IPSEC
4 Transport TCP SSL
5 Session SMTP ?
6 Presentation RFC822 S/MIME
7 Application MailReader PGP
It sh/could be a task of mail-ng to fill the gap at the '?'.
But this does not mean, that every protection needs to be
at the mail protocol layer (5). Each layer's security mechanism
is limited to the lifetime of the transport mechanism. E.g.
IPSEC might live from router to router only, SSL from Mail-relay
to Mail-relay. And Mail protocol security would last from sender to
receiver, but not any longer.
Especially for financial transactions you definitely need a security
mechanism that lasts longer than just for the transport. This means
that financial transactions require security layers above layer
7 which survive the transport in space and do last in time.
They need a transport independent protocol such as HBCI, which
is an apropriate protocol for such purposes. It must not depend on the
security of the underlying transport mechanism, including anything
what has to do with e-mail transport, and thus financial transactions
must be beyond the scope of a mail transport mechanism.
However, this does not mean to not fill the gap at the '?', it
just means that financial transactions are not the fitting example.
Spam protection is a good example for a mechanism placed at the
Brisbane 4000 Australia
... I love Brizzy and I do miss bending the Bananas...