[GRLUG] Wireless question

Adam Tauno Williams awilliam at whitemice.org
Tue Dec 28 06:29:20 EST 2010


On Mon, 2010-12-27 at 23:52 -0500, Mike Williams wrote:
> It depends on what you're trying to accomplish. It's fairly easy to run 
> an SSH proxy on a Linux box that has a public IP. This will work to make 
> your communications sniff-proof by other users at the free wifi you're 
> using. I believe your DNS requests are still unencrypted, so anyone 
> sniffing could see what DNS lookups you're doing, but that's it. This 
> level of encryption is not the same as truly secure communication, as 

HTTPS and IMAP/SSL are "truly secure" communication.  But it is "secure
*communication*"; of course, you still have to trust the remote end.

And not all inter-MTA SMTP is unencrypted [which seems to be a common
belief - even among NPR's "IT security & privacy experts", who should
all be fired].  I know the MTA (postfix) at work receives and sends
about 30% of its messages with TLS enabled.  If the remote MTA supports
TLS and the cert is valid the two MTAs will encrypt the traffic.  This
number is rising steadily.

> once they get to your server, wherever it is, the communication goes 
> unencrypted and can theoretically be intercepted between your server and 
> the email or web server you are talking to. The only way for your email 
> to not be sniffed is to run encryption between your machine and the 
> server. GMail allows encrypted IMAP, but not much else does.

@*($&*(@$ ???  Just about everyone supports IMAP/TLS.

>  Still, 
> email should not be considered secure regardless. Between email servers 
> (yours and the other party's), conversations are always unencrypted.

This is false.

> On 12/27/2010 10:35 PM, Michael Mol wrote:
> > On Mon, Dec 27, 2010 at 9:45 PM, John-Thomas Richards<jtr at jrichards.org>  wrote:
> >> On Sun, Dec 26, 2010 at 08:15:40PM -0500, Bob Kline wrote:
> >>> I'd see two issues.  One is to keep your e-mail and other operations
> >>> private, and I'd think https was good enough.
> >> https?  What about IMAP or POP3/SMTP?
> > Something I've been mulling in my head for a while. Proxies such as
> > Squid can be used for most protocols. How difficult is it to
> > SSL-encrypt the Squid proxy, and require all connections go through
> > that? That'd seem to allow even an open 802.11 network, as long as the
> > client didn't barf on the cert required to talk to the proxy.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
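
An added example, not part of the original message: one way to measure the share of TLS-protected SMTP traffic that the reply describes, by counting inbound sessions and outbound deliveries in a Postfix log. It assumes TLS logging is on (`smtpd_tls_loglevel = 1` and `smtp_tls_loglevel = 1`); the log lines, hosts and queue IDs are constructed, and matching a delivery to the TLS handshake of the same `smtp` process is a heuristic.

```python
import re
from collections import Counter

# Constructed sample log (documentation hosts/IPs), in Postfix's usual syslog format.
SAMPLE_LOG = """\
Dec 28 06:01:02 mx postfix/smtpd[2101]: connect from mail.example.org[192.0.2.10]
Dec 28 06:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Dec 28 06:02:10 mx postfix/smtpd[2102]: connect from old.example.com[192.0.2.20]
Dec 28 06:03:44 mx postfix/smtpd[2103]: connect from unknown[192.0.2.30]
Dec 28 06:05:00 mx postfix/smtp[2200]: Trusted TLS connection established to mx.example.net[198.51.100.5]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Dec 28 06:05:01 mx postfix/smtp[2200]: 4F2A11C0: to=<bob@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 28 06:06:30 mx postfix/smtp[2200]: 4F2A11C1: to=<eve@example.com>, relay=old.example.com[192.0.2.20]:25, delay=0.8, dsn=2.0.0, status=sent (250 Ok)
Dec 28 06:07:12 mx postfix/smtp[2201]: 4F2A11C2: to=<al@example.com>, relay=old.example.com[192.0.2.20]:25, delay=0.9, dsn=2.0.0, status=sent (250 Ok)
"""

# Inbound: the smtpd server logs every connection, plus a line per TLS handshake.
SMTPD_CONNECT = re.compile(r"postfix/smtpd\[(\d+)\]: connect from (\S+)")
SMTPD_TLS = re.compile(r"postfix/smtpd\[(\d+)\]: \w+ TLS connection established from (\S+?):")
# Outbound: the smtp client logs the handshake, then one line per delivery.
SMTP_TLS = re.compile(r"postfix/smtp\[(\d+)\]: \w+ TLS connection established to (\S+?):\d+:")
SMTP_SENT = re.compile(r"postfix/smtp\[(\d+)\]: \w+: to=<[^>]*>, relay=(\S+?):\d+,.*status=sent")


def tls_share(log_text):
    """Return {'in': (tls, total), 'out': (tls, total)} for sessions/deliveries."""
    counts = Counter()
    tls_peer = {}  # smtp client pid -> relay of its most recent TLS handshake
    for line in log_text.splitlines():
        if SMTPD_CONNECT.search(line):
            counts["in_total"] += 1
        elif SMTPD_TLS.search(line):
            counts["in_tls"] += 1
        elif m := SMTP_TLS.search(line):
            tls_peer[m.group(1)] = m.group(2)
        elif m := SMTP_SENT.search(line):
            counts["out_total"] += 1
            # Heuristic: the delivery used TLS if this process last negotiated
            # TLS with the same relay it is now delivering to.
            if tls_peer.get(m.group(1)) == m.group(2):
                counts["out_tls"] += 1
    return {d: (counts[d + "_tls"], counts[d + "_total"]) for d in ("in", "out")}


if __name__ == "__main__":
    for direction, (tls, total) in tls_share(SAMPLE_LOG).items():
        print(f"{direction}: {tls}/{total} over TLS")
```
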


