Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!mailrus!umix!b-tech!zeeff
From: zeeff@b-tech.UUCP (Jon Zeeff)
Newsgroups: comp.mail.elm
Subject: Re: Mail Encypherment
Message-ID: <4600@b-tech.UUCP>
Date: 7 Jul 88 13:54:57 GMT
References: <2085@hplabsz.HPL.HP.COM> <10319@ncc.Nexus.CA>
Reply-To: zeeff@b-tech.UUCP (Jon Zeeff)
Organization: Branch Technology Ann Arbor, MI
Lines: 26

> 
>>Basically, I don't believe that there are any really robust
>>encypherment systems that are quick and painless to use.  That's
>>okay, though, because the real reason one wants to encode mail
>>is to prevent unauthorized browsing of the contents *in transit*.

Actually, I'd like to prevent unauthorized browsing *anywhere*.  I do use
systems where I don't like the idea of someone with root looking through
my mailbox.

Don't do encryption at the transport layer.  What would you use - a fixed
encryption key?

>
>[ Given that the decryption routines would be available to the
>  system administrators, this still won't guarantee complete
>  security. 
>

They would end up being available to everyone and so won't guarantee 
any security.  Leave it out of the transport layer so that the system 
administrators don't have the key.  


-- 
Jon Zeeff           		Branch Technology,
uunet!umix!b-tech!zeeff  	zeeff%b-tech.uucp@umix.cc.umich.edu