Encryption, Email and Networking

According to an article in the The Register, users of WiFi (wireless networking) are still not encrypting their connections. This is an interesting survey though as it moves away from the traditional WEP/no-WEP position: the people they surveyed (well, more like monitored) were using open access points at the Planet Expo in Boston.

The company that ran the experiment, AirDefense, monitored all traffic between the show’s attendees and the 141 open access points around the floor. They found that “Only three percent of e-mail downloads were encrypted on the first day of the conference, 12 percent on the second day.”

So, now the emphasis is moving away from making the link secure (kind of accepting that radio waves are inherently insecure perhaps?), and towards getting people to use encryption for their email and other sensitive traffic.

To be fair though, many of the people at the show may not have had the option to use secure email connections. Both my ISPs allow me to access my email via a POP3 connection from anywhere I can connect to the internet, but I don’t have any option for encrypting that traffic. My primary webmail service (Yahoo! Mail) does encrypt the login process I believe, but not access to the email itself.

If encryption is to be widely used for email, then what we need is an encrypted version of both POP3 and SMTP. Something modeled on the HTTPS standard perhaps since that has proven to be simple to use, and effective. Or do we go even further and move everybody to an encrypted version of TCP so that much of this traffic is encrypted by default.

This seems to be present in the new IPv6 standard (read this informative article on IPv6, including a section on the Authentication Header and Encrypted Security Payload mechanisms it provides). Perhaps we should move the US and Europe to this standard more quickly?

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.