On Tue, Mar 04, 2003 at 09:58:40AM +1300,
mike(_dot_)pearson(_at_)ssc(_dot_)govt(_dot_)nz wrote:

> OBSERVATIONS: Firstly some observations about the other
> tools we have at our disposal:
> 1. Text filters (reject messages if "string" found):
> 2. Blacklists (reject messages from senders on the list):
> 3. Whitelists (accept messages from senders on the list):

I agree that these three methods don't work properly.

> CONCEPT: And now the concept...
> The New Zealand government has developed a specification for
> securing Internet email (authentication/encryption/integrity),
> between agencies, using S/MIME gateways.
> http://www.e-government.govt.nz/see/mail/index.asp

Naw, I don't see that this could work in the internet for these
reasons:
- Almost the same could be achieved by simply using the
STARTTLS command of ESMTP. Our rackland server is configured
to use it, but a view on the log files shows that extremely
few other servers support this.
S/MIME - precisely: the PKI - is simply too complicated for most
mail admins. Otherwise most relays would already use it.
Why not simply use TLS if it already exists and is implemented?
Because people refuse to use it.
- The cryptographic approach depends on a working PKI. It works in
NZ government, because this is a centralized organization with a
single authority. Setting up a PKI in such an environment is easy.
But how do you want to set up a PKI in the whole internet? All
efforts to do so have failed so far. There are even countries where such
a use of cryptography is illegal.
- Cryptographic keys can be stolen or get lost. Do you really believe
that these keys will stay safe and secret on all those Windows boxes
in the world?
How would you establish such an S/MIME infrastructure in, let's say,
North Korea, Iraq, some of the states of Africa?
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
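
The message above bases its STARTTLS point on what the server's log files show. As an added example (not part of the original post), this script measures inbound STARTTLS use from mail logs. It assumes Postfix smtpd syslog lines with smtpd_tls_loglevel = 1, which the post does not specify; the sample lines and the function name are constructed.

```python
import re
from collections import defaultdict

# Constructed sample; assumed format: Postfix smtpd syslog, smtpd_tls_loglevel = 1.
SAMPLE_LOG = """\
Mar  4 09:58:40 mail postfix/smtpd[2101]: connect from mx1.example.org[192.0.2.10]
Mar  4 09:58:41 mail postfix/smtpd[2101]: Anonymous TLS connection established from mx1.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  4 09:58:42 mail postfix/smtpd[2101]: disconnect from mx1.example.org[192.0.2.10]
Mar  4 09:59:03 mail postfix/smtpd[2102]: connect from relay.example.net[198.51.100.7]
Mar  4 09:59:04 mail postfix/smtpd[2102]: disconnect from relay.example.net[198.51.100.7]
Mar  4 10:01:12 mail postfix/smtpd[2103]: connect from relay.example.net[198.51.100.7]
Mar  4 10:01:13 mail postfix/smtpd[2103]: disconnect from relay.example.net[198.51.100.7]
"""

LINE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<event>connect|disconnect|\w+ TLS connection established)"
    r" from \S+\[(?P<ip>[^\]]+)\]")

def starttls_adoption(log_text):
    """Count inbound SMTP sessions and clients that completed STARTTLS."""
    open_sessions = {}                        # smtpd pid -> [client ip, tls seen]
    per_client = defaultdict(lambda: [0, 0])  # ip -> [sessions, tls sessions]
    def close(pid):
        ip, tls = open_sessions.pop(pid)
        per_client[ip][0] += 1
        per_client[ip][1] += int(tls)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, ip, event = m["pid"], m["ip"], m["event"]
        if event == "connect":
            if pid in open_sessions:          # earlier disconnect line was lost
                close(pid)
            open_sessions[pid] = [ip, False]
        elif event == "disconnect":
            if pid in open_sessions:
                close(pid)
        else:                                 # TLS handshake completed
            # setdefault covers a log that starts mid-session (after rotation)
            open_sessions.setdefault(pid, [ip, False])[1] = True
    for pid in list(open_sessions):           # sessions still open at end of log
        close(pid)
    counts = list(per_client.values())
    return {"sessions": sum(s for s, _ in counts),
            "tls_sessions": sum(t for _, t in counts),
            "clients": len(counts),
            "tls_clients": sum(1 for _, t in counts if t)}

if __name__ == "__main__":
    print(starttls_adoption(SAMPLE_LOG))
```
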