oberman@rogue.llnl.gov (02/13/91)
In article <28229:Feb1200:29:5391@kramden.acf.nyu.edu>, brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> In article <9102102022.AA26112@osiris.MIT.EDU> jis@MIT.EDU (Jeffrey I. Schiller) writes:
> [ RFC 931 ]
>> I wouldn't go so far as to say it makes mail a "secure" protocol.
>
> But it does---again, provided that TCP is made secure.
>
> I'm not convinced that this is such a problem. The Internet mail I send
> rarely goes through more than three hops: nyu.edu, bar.com, foo.bar.com.
> If sending organization and receiving organization support RFC 931,
> that's enough.

This is a rather parochial point of view. My site has over 1000 nodes which are not on the Internet. They get their mail through various gateways and the use of 931 doesn't appear to do me a bit of good. And I'm hardly exclusive. There's BITNET, Usenet, HEPnet, SPAN, ATTmail, Compuserve, MCImail, and a nearly endless list of other mail systems which make 931 an impractical solution to the problem.

I agree quite strongly that the only real way to do the job is with public key end to end encryption or with digital signatures (as appropriate). I admit that I'm still a bit unsure of how X.509 certificates will be issued in "the real world", but that gets into philosophy and is not germane.

I do think it's a bad idea to espouse a method because "it will be good enough for me". A real solution should be good enough for everyone.

R. Kevin Oberman
Lawrence Livermore National Laboratory
Internet: oberman@icdc.llnl.gov
(415) 422-6955

Disclaimer: Don't take this too seriously. I just like to improve my typing and probably don't really know anything useful about anything.