Re: Crypto-sendmail (was Crypto Coding Project)

C Matthew Curtin (cmcurtin@interhack.net)
Wed, 19 Aug 1998 23:51:30 -0400 (EDT)

• Next message: Daniel R. Oelke: "MD5 or SHA code"
• Previous message: mok-kong shen: "Re: Crypto Coding Project"
• In reply to: Rich Salz: "Re: Crypto Coding Project"
• Next in thread: proff@iq.org: "Re: Crypto-sendmail (was Crypto Coding Project)"
• Reply: proff@iq.org: "Re: Crypto-sendmail (was Crypto Coding Project)"

>>>>> "Peter" == Trei, Peter <ptrei@securitydynamics.com> writes:

Peter> I'd like to second Perry's suggestion of building a
Peter> crypto-enabled version of sendmail.

As do I.

Probably about two years ago, I suggested this very thing to Eric
Allman, et al. I received back a number of negative replies,
including some remarks to the effect of `too many people confusing
transport-layer security with application-layer'[*], and that securing
the SMTP transport mechanism was the Wrong Thing to do, especially in
light of PGP at one end of the spectrum and "IPsec stuff" at the other
end.

[* I don't remember exactly what the words were, so I might be
misquoting here. The point is that, irony of ironies, I was being
given a bit of a lecture on security from the maintainers of sendmail.
I found this more than a little bit amusing, and sad.]

-- 
Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/

• Next message: Daniel R. Oelke: "MD5 or SHA code"
• Previous message: mok-kong shen: "Re: Crypto Coding Project"
• In reply to: Rich Salz: "Re: Crypto Coding Project"
• Next in thread: proff@iq.org: "Re: Crypto-sendmail (was Crypto Coding Project)"
• Reply: proff@iq.org: "Re: Crypto-sendmail (was Crypto Coding Project)"