ietf-asrg

RE: [Asrg] Its all over for Challenge Response

2004-03-03 19:01:37
How could that be since STARTTLS is hop-by-hop and not
end-to-end?  This is comparing apples and oranges, isn't it?

No, end-to-end security is a bogus concept. 

Sure it looks great in theory, but the cost of deploying all
those end user certificates is simply beyond most enterprises.

If you look at the problem from a risk assessment point of view
it is entirely reasonable to secure email internally by using
SSL to secure communication with the email server and then to use
SSL to secure the hop over the Internet where the email is 
most likely to be intercepted.

Sure there is a residual risk, my mail server can be compromised.
But the cost of deploying SSL-based encryption is small, the
benefit is huge. It does not hurt to deploy both. The big downside
of SSL is not that it is hop-by-hop, the real problem is that
you cannot be confident it will be applied.

Sure they might be apples and oranges. But if you put apples 
and oranges together you have a fruit salad.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg