On Fri, Nov 17, 2006 at 11:04:48PM -0500, Victor Duchovni wrote: > On Fri, Nov 17, 2006 at 08:14:26PM -0500, Brian Thompson wrote: > > We have a group of users here who wish to send email through > > Thunderbird to a SMTP server (sendmail) that requires SSL/TLS > > authentication/encryption. The complaint is that it takes too long for > > Thunderbird to encrypt large attachments when sending email. > > This complaint is likely bogus, AES runs with ease (plenty of CPU left) > at over 100Mbp/s. Unless this is 1Gbps/s connection, there should be no > noticeable delay.
Agree. This is most definitely bogus and utter bullshit. Symmetric crypto in particular AES is a breeze on modern desktop hardware. Thunderbird may have other issues I am not aware of. > > > Email content security isn't a major concern in our situation but we > > do want to keep the SSL/TLS authentication in order to prevent > > others outside the group from relaying through the SMTP server. > > Sendmail depends on openssl for the SSL/TLS portion, so I'm > > trying to figure out if there's a way we can modify the SMTP server > > to not attempt or require encryption from the email clients while > > leaving the basic structure (sendmail/openssl) in place. Maybe set > > the encryption strength to zero bits or something similar? I'm not > > too openssl savvy, so any details would be greatly appreciated. > > This violates the purpose of the controls, if you don't want to mandate > an encrypted channel, change the Sendmail configuration to not require it. You don't stand to gain much by not encrypting and only authenticating. There is no piecemeal security solution. Best, Girish -- Linux is for folks who hate Windoze. FreeBSD is for folks who love UNIX. OpenBSD is for folks who can't live without UNIX. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
