
Re: Bruce Schneier on IPsec



On Thu, 3 Feb 2000, Phil Karn wrote:
> You miss my point. The introduction of POP, IMAP and outbound mail
> relays has destroyed the end-to-end nature of TCP/IP... your email is
> still exposed on the POP/IMAP/SMTP servers, and IPSEC is powerless to
> protect it...

I would say that POP etc. are johnny-come-latelies here.  SMTP stopped
being guaranteed end-to-end with the advent of the MX record.  (Indeed,
somewhat before that if you were on, say, CSNET -- MX just formalized
and generalized tricks which were already being done by special-case 
kludges.)

> Only a tool like PGP, run at the ultimate endpoints (i.e.,
> the users' mail agents), can provide true end-to-end email security.

If one is taking "end-to-end" in this strong a sense, then one should not
muddy the waters with references to POP etc.  Not even pre-MX SMTP
delivered this level of end-to-end-ness; delivery direct to your host
seldom, if ever, implied delivery direct to your mail agent.  (And for
that matter, even delivery direct to your mail agent still requires that
you trust the infrastructure it is running on, e.g. the memory protection
of the operating system.)

                                                          Henry Spencer
                                                       henry@spsystems.net


