SMTP TLS does absolutely nothing for security if even one provider in the chain doesn't use it.
Nobody has claimed otherwise.
SMTP TLS is for securing traffic between servers; no one has said that it will prevent your provider from being complicit in handing over your personal data or that it will protect you if NOT used. Not sure why you felt the need to point out the obvious. BTW, did you know an empty fire extinguisher won't help you to fight fires?
SMTP TLS does protect email; the fact that it doesn't provide 100% anti-james-bond security doesn't make it useless. Is the lock on my front door useless, since it won't stop a sledgehammer, crowbar, chainsaw or law enforcement?
Of course it does become a problem if someone touts it as offering more security than it really does, but this is also a problem that exists with physical security. Yet we don't so readily dismiss our wooden doors, glass windows and cheap residential locks.
I see no reason that S/MIME couldn't be made much easier to install. Preferably through a configuration wizard when setting up an email client; software vendors need to get on board and hopefully partner with a CA so the certificate verification and installation can be done from within the mail client itself.
Not to mention actually obtaining a client-side x509 certificate is almost impossible. So in conclusion, you're fucked, always remember that email is postcards not envelopes.
You're right, spending an entire 5 minutes to obtain and install a certificate is an utterly impossible task.
I use S/MIME so my signature is sent every time I send an email. It's true that the initial email exchange with any new contact will have to be sent in plain text (SMTP TLS if their server supports it), but after that everything can be sent encrypted client to client.
It's a recurring problem in the IT industry. Anything that isn't 100% secure gets dismissed.
SMTP TLS goes a long way towards making email more secure. So long as the providers aren't pretending they are unable to hand it over to law enforcement (encrypted on the server) then it isn't a problem. User education is the key.
Technical solutions to social & political problems don't work.
Really you want to try brute force decrypt 4092 bit random key encrypted folder stored to random joe's sky drive folder? No, well neither does the NSA.
Since the folder is unencrypted it shouldn't be too hard.
Or a sign that says "This theater is equipped with phone jamming. If your phone rings during the movie, a member of staff will come and jam it somewhere."
A lot of tradesmen have the tools required to cut their way into the bunker. There's nothing magical about a nuclear bunker, it just takes longer to get into than the average building.
Nope, security.
Feel free to point out where I'm wrong.
You can get a free cert from here: http://www.comodo.com/home/email-security/free-email-certificate.php
Which I found out about after paying $50 for a 3 year cert from global sign.
Free = Expensive?
Just about every modern email client supports S/MIME these days.
What do you do?
If you're in IT especially and you're invisible you're suspicious. Lots of job applicants. What makes you stand out?
What if you're in IT but blog about subjects unrelated to that field?
I think this video sums it up nicely.
http://www.youtube.com/watch?v=Z_ZiRT8Nwkk
Change "Pickup truck" to "Ute" and "tins of Fosters" to "tinnies of VB" and you're spot on.
Except the Firefox fanbois who are getting closer to their dream of reaching a higher version number than Chrome.
So what you're saying is.... Spamhaus works!
Let's not forget the blatant hypocrisy of launching a DDoS in response to perceived censorship.
So Firefox is now at 20, Chrome is now at 26.
Looks like they are finally going to reach their goal of overtaking Chrome.
Every paycheck I get I spend on bitcoins. Then cash those coins out a month later, it's like having an incredibly high interest rate bank account.
Just seal up the entrance, eventually the problem will die out.
I've always wondered if putting "Don't you fucking dare reset that password" as a secret question.
Such, that's why I'm making money and you're not :D
But you failed to figure out how not to get whooshed.
If you weren't ignorant, you'd know how to use an apostrophe.
Because a persons grammar is the one true way of measuring financial success.
Congratulations on making money off of wasting electricity, we sure do need more people doing that. Shitbag.
In the same way you're wasting electricity by providing a demonstration of your stupidity on Slashdot.
Only on the MtGox exchange and only for a few minutes. Hardly a crash.
Nope, I figured out a way to make money off bitcoin. Which is pretty cool considering it's practically money for nothing.