[uug] Wiretapping at BYU
spr at scottr.org
Wed Feb 24 21:12:36 MST 2010
On Wed, Feb 24, 2010 at 4:37 PM, Kyle Mathews <mathews.kyle at gmail.com> wrote:
> Well... all I can say is I'm glad I use gmail which encrypts all of its
> --Kyle Mathews
The problem here is that if your message gets sent to a BYU address,
or from BYU it is scannable. Your connection to gmail and back is
secure, but your mail routes through SMTP. Does gmail use TLS with
SMTP if available? Is it even available with most BYU addresses?
The CS department does provide SMTP with TLS (or did when I was
there), but you've got to be sure your end starts the TLS session when
connecting. Of course that only secures traffic from you to the CS
department. Then of course the CS department needs to use TLS when it
sends messages to you.
Now just scale the need to have two way TLS on SMTP across all the
addresses you send, and then you'll have un-sniffable mail.
And don't forget IMAPS and POPS for your mail client. Or HTTPS for all
web traffic as with gmail.
More information about the uug-list