[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Update to default exit policy



Quoting 7v5w7go9ub0o <7v5w7go9ub0o@xxxxxxxxx>:

anonym wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/08/08 15:42, 7v5w7go9ub0o wrote:
anonym wrote:
Email clients leak tons of information, the most critical I know of
being your IP address and/or host in the EHLO/HELO in the beginning
of the SMTP(S) transaction.
Nope.

The encrypted connection occurs before the smtp handshake.

IP/host info is not compromised, this is not an issue.

Care to elaborate on this?

The way I understand it, the encrypted connection will only prevent
eavesdroppers from snooping the IP address/host, but the destination
email server will get it in the EHLO/HELO message. IMHO, that equals a
compromise of grand scale.

AH!.... we were talking about two different things. :-(

I was referring to third-parties being unable to sniff your email
contents or your host address within an SSL/SMTP transaction via TOR.
You're talking about withholding information from the mail server itself
(e.g. you're on the road with a laptop, and don't want to leave records
of where you were as you sent your messages).

And indeed, you raise an interesting point!

Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and connect to the smtp server trough tor. Will my "real" ip adress occur in the mail headers, or the ip of the exit node?

I'm guessing the ip of the exit node, right? Because if not, it would be senseless to use tor? Would be great if someone could clarify this!

Merci! :)