[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec



>POP and IMAP servers are one place to apply IPSEC. Instead of having
>to create special SSLized POP/IMAP/etc clients, one could have
>machines running the servers require IPSEC for accessing the
>services. This is just another form of end-to-end application.

You miss my point. The introduction of POP, IMAP and outbound mail
relays has destroyed the end-to-end nature of TCP/IP. Sure, you can
apply IPSEC to POP and IMAP sessions, just like any other TCP/IP
application. That would be better than nothing. But your email is
still exposed on the POP/IMAP/SMTP servers, and IPSEC is powerless to
protect it. Only a tool like PGP, run at the ultimate endpoints (i.e.,
the users' mail agents), can provide true end-to-end email security.

Phil



Follow-Ups: References: