[Top] [All Lists]

Re: Recipient is offline

2011-09-05 04:43:26

Robert A. Rosenberg <hal9001(_at_)panix(_dot_)com> wrote:

The simple solution to that is to encrypt the data at the sending location and
decrypt it upon receipt at the receiving location. The data on-the-wire (ie:
The actual data send during the phone call) is thus secure since any
wire-tappers would get data that is useless. Using SSL over the Internet is
basically the same idea.

This is only secure against on-path attackers if you authenticate the
endpoints. If you don't do that you are vulnerable to a man-in-the-middle
attack. If anyone is capable of passive eavesdropping on your connection
they can probably intercept with little extra difficulty.

Note that inter-domain SMTP with STARTTLS is unauthenticated.

f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>
Trafalgar: Variable 4. Moderate or rough. Mainly fair. Good.

<Prev in Thread] Current Thread [Next in Thread>