While there are many ways of encrypting one's personal email before sending it, there is one major problem with today's SMTP-based internet email system: email is sent in plain text with no encryption. While a total revamping of today's email system is unfeasible, I believe that the following is quite do-able.
Step 1. Create a new internet mail protocol utilizing a well-proven encryption system such as Secure Shell (SSH). I call it SSMTP, but names are unimportant at this point. This protocol will use certificate-based encryption where both the host and the recipient servers will require a trusted certificate in order to communicate and encrypt data sent between the two systems.
Step 2. Integrate this new protocol with existing email server systems such as Exchange, Lotus Notes, etc.
Step 3. Include a visible option in the client software (Outlook) where the sender can resolve and tell if a recipient's email system accepts encrypted mail. Also include a tag where the recipient can tell whether or not email in their inbox was sent encrypted.
I realize that a. no encryption is hack proof, and any certificate can potentially be duplicated. I only know that this would be much more secure than today's SMTP protocol with no encryption at all. b. this is most likely not a new idea. This is, however, my version of it, and I strongly feel that this is not only do-able, but a must in a world where email has become one of the most widely used forms of long-distance and business communication known today.
Please let me know your opinion and be easy on me; I do have feelings.
-David Lapham
Sendmail: Using STARTTLS
http://www.sendmail.org/m4/starttls.html Fine-tuning Sendmail's certificate verification behavior. (Disclosure: I work for Sendmail, although not on this particular Open Source software.) [jutta, Oct 04 2004, last modified Oct 05 2004]
Exchange 5.5
http://www.microsof...n/2000/FAQ.asp#SMTP "There are two options for encryption: Internet Protocol Security (IPsec), which is built into Windows 2000, and Transport Layer Security (TLS), built into the SMTP service and used by Exchange 2000. TLS is also known as secure sockets layer (SSL)." [jutta, Oct 04 2004, last modified Oct 05 2004]
TLS extension to postfix
http://www.aet.tu-c..._tls/doc/intro.html "Encrypted email transfer from one host to another. Status: realized." [jutta, Oct 04 2004, last modified Oct 05 2004]
RFC 3207: STARTTLS
http://www.ietf.org/rfc/rfc3207.txt "SMTP Service Extension for Secure SMTP over Transport Layer Security", Paul Hoffman, 2002 [jutta, Oct 04 2004, last modified Oct 05 2004]
OpenSSH
http://www.openssh.com/ [jutta, Oct 04 2004, last modified Oct 05 2004]
OpenSSL
http://www.openssl.org/ [jutta, Oct 04 2004, last modified Oct 05 2004]
Why bother? If it's encrypted, it's encrypted; there's no need to encrypt the transport too, and getting each to trust the other's certificate (i.e. a certificate for every mail server) would be incredibly cumbersome.
Nealp,
The gross of today's email is sent unencrypted, including important business information. Most users do not know how to encrypt their email messages. This would offer a form of encryption for the masses, not only the computer savvy as is today.
While this is cumbersome and impractical for the entire internet at first, it should start with businesses that wish to have secure communication between each other without going through setting up a full-time VPN.
Are you sure you're thinking of SSH, not of SSL or TLS? (The "Secure Socket Layer" is what many protocols use when creating encrypted connections.)
In practice, you can solve this problem today with existing, widely deployed mail server software by telling the server to send e-mail to certain domains (e.g., to the other office) via an encrypted, authenticated link.
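The per-domain "encrypted, authenticated link" jutta describes, together with the sender-side check in Step 3 of the idea, as an added Python example (not code from this page, from Sendmail or from Postfix): it parses a constructed EHLO reply for the STARTTLS keyword of RFC 3207 and applies a hypothetical per-destination policy table whose level names borrow from Postfix. The domains, EHLO replies and certificate flags are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Per-destination TLS policy (hypothetical table, constructed for this example).
# Level names borrow from Postfix's per-destination TLS policy:
#   "may"     - use TLS if the peer offers STARTTLS, otherwise send in clear
#   "encrypt" - TLS is mandatory; defer delivery if STARTTLS is not offered
#   "secure"  - TLS is mandatory AND the peer certificate must chain to a
#               trusted CA and match the expected server name
POLICY = {"partner.example": "secure", "example.net": "encrypt"}
DEFAULT_LEVEL = "may"

# Constructed EHLO replies in the multi-line 250 format used by RFC 3207.
EHLO_WITH_STARTTLS = ("250-mx.partner.example\r\n250-SIZE 10240000\r\n"
                      "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_WITHOUT_STARTTLS = "250-mx.example.org\r\n250 8BITMIME\r\n"


def policy_for(domain: str) -> str:
    return POLICY.get(domain.lower(), DEFAULT_LEVEL)


def ehlo_offers_starttls(ehlo_reply: str) -> bool:
    """True if any 250 line of the EHLO reply advertises the STARTTLS keyword."""
    for line in ehlo_reply.splitlines():
        m = re.match(r"^250[ -](\S+)", line)
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False


@dataclass
class PeerTls:
    starttls_offered: bool
    cert_verified: bool = False       # chain validates to a trusted CA
    cert_matches_host: bool = False   # name in certificate matches the MX host


def delivery_decision(domain: str, peer: PeerTls) -> tuple:
    """Return (action, level): deliver-tls, deliver-plaintext or defer."""
    level = policy_for(domain)
    if not peer.starttls_offered:
        return ("deliver-plaintext", level) if level == "may" else ("defer", level)
    if level == "secure" and not (peer.cert_verified and peer.cert_matches_host):
        return ("defer", level)   # never fall back to plaintext; retry later
    return ("deliver-tls", level)


def decide_from_ehlo(domain, ehlo_reply, cert_verified=False, cert_matches=False):
    peer = PeerTls(ehlo_offers_starttls(ehlo_reply), cert_verified, cert_matches)
    return delivery_decision(domain, peer)
```

A real MTA learns the certificate flags from the TLS handshake; here they are passed in so the policy logic can be exercised offline.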
Jutta,
Thanks for the information. I did in fact mean SSH, not SSL or TLS. I am familiar with and have used these encryption schemes for POP3 users while sending SMTP to an Exchange server. My half-baked idea was for the SMTP communication from server to server, not from client to server, as this has already been accomplished. As you have pointed out, it does seem possible to use encryption from server to server. In this case my idea is already baked, just not in as wide use as I think it ought to be.
The reason I chose SSH was because of its open source nature and its reputation of being a strong and difficult-to-crack scheme. I am aware that SSH does not usually by nature use certificates, but since it is open source, I would think it could be easily changed for the purpose.
-DL
All it takes to make SSH use certificates is configuration; you don't need to edit the source code.
Open Source implementations exist for both SSL and SSH. OpenSSH can use OpenSSL.