Robert A. Rosenberg <hal9001(_at_)panix(_dot_)com> wrote:
The simple solution to that is to encrypt the data at the sending location and
decrypt it upon receipt at the receiving location. The data on-the-wire (ie:
The actual data send during the phone call) is thus secure since any
wire-tappers would get data that is useless. Using SSL over the Internet is
basically the same idea.
This is only secure against on-path attackers if you authenticate the
endpoints. If you don't do that you are vulnerable to a man-in-the-middle
attack. If anyone is capable of passive eavesdropping on your connection
they can probably intercept with little extra difficulty.
Note that inter-domain SMTP with STARTTLS is unauthenticated.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
Trafalgar: Variable 4. Moderate or rough. Mainly fair. Good.