Thursday, July 26, 2007

....and still no secure e-mail?

It still boggles me why servers don’t do a public key cryptographic handshake/connection encryption when they transmit email. It doesn’t take any new technology than what already exists. when user a logs into server A to send message to user b using email server B if they are concerned about security will use a secure connection between themself and their email server. However the security hole exists in the communication between the two email servers. if the two servers used a secure connection to transfer the email messages then the entire problem of forget password script emailing out plain text password would be mitigated.

Read the article HERE.

0 Comments:

Post a Comment

<< Home