Re: Crypto-sendmail (was Crypto Coding Project)

Adam Shostack (adam@weathership.homeport.org)
Wed, 19 Aug 1998 09:39:54 -0400

• Next message: Perry E. Metzger: "Re: Crypto Coding Project"
• Previous message: Trei, Peter: "Crypto-sendmail (was Crypto Coding Project)"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: EKR: "Re: Crypto-sendmail (was Crypto Coding Project)"
• Reply: EKR: "Re: Crypto-sendmail (was Crypto Coding Project)"
• Reply: Ng Pheng Siong: "Re: Crypto-sendmail (was Crypto Coding Project)"

Would it be more useful to build a reasonably generic 'crypto tunnel'
than a sendmail extention? Would it be substantially harder?

I ask because most of my machines today run qmail, and I hope will
soon run Vmailer.

The first hurdle is to bind into the connect() in some useful way
on the outbound connection. On the inbound, a wrapper program (think
tcpd) can probably be used.

Adam

On Wed, Aug 19, 1998 at 03:18:09PM +0200, Trei, Peter wrote:
| I'd like to second Perry's suggestion of
| building a crypto-enabled version of sendmail.
|
| Such a sendmail would use a DH exchange to set
| up a link with perfect forward secrecy. The
| end users need not do *anything*: he or she
| does not even need to know that encryption
| is being used - the sendmail would detect
| whether it's partner was also crypto enabled,
| and act appropriately.
|
| In many cases, the sender would not even need
| to install a crypto enabled client, since much
| mail passes through gateways and firewall
| proxies 'near' to the sender before entering the
| public Internet. If the gateway or proxy encrypts,
| the entire process is perfectly transparent to
| the end user.
|
| While strong authentication of the end parties
| would be nice, even an unauthenticated DH exchange
| is much, much better than nothing. A man-in-the-middle
| attack on the DH exhange is an active attack, and
| the capacity even a well-heeled criminal organization
| to mount real-time MITM attacks vs millions of
| mail connections per day is limited. Access to the
| unencrypted sections of the link would be much
| more difficult than compromising a few
| key backbone routers.
|
| Instead of having to persuade millions of ignorant
| end users to use crypto email clients and obtain
| keys and certificates, all it takes is a single
| sysadmin installing the proper sendmail or mail
| gateway to provide greatly improved security for
| hundreds of users.
|
| We could protect millions people from espionage,
| without even telling them.
|
| I realize that this is not the perfect end-to-end
| crypto most of us would prefer, but it's far
| better than what most people do today.
|
| Remember: "The best is the enemy of the good"
|
| Peter Trei

• Next message: Perry E. Metzger: "Re: Crypto Coding Project"
• Previous message: Trei, Peter: "Crypto-sendmail (was Crypto Coding Project)"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: EKR: "Re: Crypto-sendmail (was Crypto Coding Project)"
• Reply: EKR: "Re: Crypto-sendmail (was Crypto Coding Project)"
• Reply: Ng Pheng Siong: "Re: Crypto-sendmail (was Crypto Coding Project)"