[lug] Getting mail out of the Qwest/MSN mire
Nate Duehr
nate at natetech.com
Sat Jul 8 23:34:54 MDT 2006
On Jul 7, 2006, at 10:01 PM, David L. Anselmi wrote:
> Nate Duehr wrote:
> [...]
>> Every mail server that touches a message should also digitally
>> sign/stamp the message.
>> All it would take is a large organization (U.S. Government, would
>> be a REALLY good one) saying, "We're going to use this Encryption
>> technique, and any mail arriving unencrypted... we're throwing away."
>
> Have you ever worked for the federal government? I can see them
> doing just this, and just as you have they'd say "encrypt" rather
> than "sign".
>
> But it isn't just that mail has to be signed, the signatures have
> to be verified. And so the mail servers have to be authenticated
> well. And then the price of running a mail server goes up. No big
> deal for Google but the rest of us will wind up using gmail too.
> No thanks.
One could argue that mail servers running with all of these features
by professionals would make e-mail itself more professional. There's
nothing keeping companies or individuals from running the "old"
technology, just that over time certain businesses might only accept
signed/authenticated e-mail.
So you'd have to use your gmail or your ISP's mail servers (assuming
that ISP's would be twisted into offering the service) for certain
things, but it wouldn't stop you from running the equivalent of the
regular old SMTP "Windows 95" of e-mail servers... it'd just become
increasingly more difficult.
>> Companies set up VPN connections for critical business data
>> between one another as the "best practices" way of handling day to
>> day business for EVERYTHING BUT... E-mail. Business deals big
>> enough to affect thousands of people's lives get "inked" via an un-
>> encrypted, un-authenticated e-mail every day.
>> Ridiculous.
>
> Business doesn't care about security. Some will say that rather
> they care about risk management. My guess is they only care about
> beating the odds. (That's not really meant to be cynical, beating
> the odds is good enough.)
You're right. If an incident involving millions of dollars ever
happens with "traditional" e-mail, that'd be the impetus for
businesses to "fix" their mail servers to do something like this.
Similar to my attitude on Microsoft releasing LOTS of bugs, I say...
bring it on! I'll adapt to get rid of spam as we know it today.
What I won't do (as some have mentioned some do) is get draconian
about what IP blocks can send me mail... that's not fixing the root-
cause.
--
Nate Duehr
nate at natetech.com
More information about the LUG
mailing list