[113878] in cryptography@c2.net mail archive
Re: SSL/TLS and port 587
daemon@ATHENA.MIT.EDU (Ed Gerck)
Wed Jan 23 16:31:12 2008
Date: Wed, 23 Jan 2008 09:39:33 -0800
From: Ed Gerck <edgerck@nma.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
CC: Paul Hoffman <paul.hoffman@vpnc.org>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20080123164531.37986e38@yellowstone.machshav.com>
Steven M. Bellovin wrote:
> You're confusing two concepts. "Warrants" apply to government
> behavior; terming something a "wireless wiretap" carries the clear
> implication of government action. Private action may or may not
> violate the wiretap act or the Stored Communications Act, but it has
> nothing to do with warrants.
First, there is no confusion here; I was simply addressing both
issues as in my original question to the list:
The often expressed idea that SSL/TLS and port 587 are
somehow able to prevent warrantless wiretapping and so on, or
protect any private communications, is IMO simply not
supported by facts.
Second, those two issues are not as orthogonal as one might
think. After all, an ISP is already collaborating in the
case of a warrantless wiretap. So, where would the tap
take place:
1. where the email is encrypted, or
2. where the email is not encrypted.
Considering the objective of the tap, and the expenses incurred
to do it, it seems quite improbable to choose #1.
Thanks for Mr. Councilman's case update. I mentioned it only
because it shows what does happen and the economic motivations
for it, none of which could have been prevented by SSL/TLS
protecting email submission.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
