On Mon, 17 Mar 2003 18:38:21 EST, Damien Morton said:
Would all data between mail servers needs to be encrypted? I would
imagine that only a secure handshake on conection would be required.
Strictly speaking, yes. However, once you've done the handshake, keeping
the data connection encrypted is a relatively low overhead issue - all the
CPU cost is front-loaded on the handshake.
<rant>
Plus there's non-spam reasons for encrypting the whole transaction - it
makes life difficult for Echelon-like systems. Some of us don't trust our
governments, and may not want to use crypto for only our sensitive data,
as if only 5% of your traffic is encrypted it's a red flag. But if it's
ALL encrypted, their traffic analysis gets much harder.
Question: How many Nobel Peace Prize winners have terrorists and organized
crime wiretapped? And how many has the US government confessed to wiretapping?
</rant>
pgptr1fNcK8eA.pgp
Description: PGP signature