 |
||||||
 |
 |
 |
 |
 |
 |
 |
|
Web of Trust Information
and e-mail security
First of all, this is not a technical discussion. Many of the technical details are omitted or simplified. If you're interested in a technical discussion of secure e-mail, there are many places on the web to look. Historically, e-mail was actually more like a postcard than it is a letter. There was no way to put an 'envelope' around the message. Anyone who 'handles' it could read it. Hopefully, they don't read it - they're probably much too busy. Who 'handles' your e-mail? Lot's of folks! That is the nature of the Internet - packets of information are relayed from you to the web or e-mail server that are are trying to access, and the same thing happens when the information is returned to you. This is done with computers and routers and other hardware that comprises the Internet 'backbone'. At any point along the way, someone could intercept your data and view it. This is why secure socket layer (ssl) was created. You've seen this when you go to a 'secure' web site. You may have noticed that the web address starts with 'https' instead of 'http'. This is an indication that you're dealing with a secure web site. Most browsers also show a lock icon on the bottom right. This implies that the information is encrypted while enroute between your computer and the web server. Someone that is 'snooping' on your communiction might be able to see where the information is coming from, and where it is going, but not see the actual information. But what about e-mail? For the most part, it's not secure. Furthermore it is not hard for one person to send you e-mail that you think came from someone else. You may have received spam from 'Bill Gates' telling you that you've won some money. Chances are, it wasn't really from Bill! Yet, if you look a the 'From:' header on the message, it looks like it did come from him. (The one that bugs me is that I get spam from me all the time. Naturally, it's not really from me, but if it were sent to my friends or customers, they might believe that it's from me.) So, not only is e-mail not secure (from a privacy standpoint), it isn't even authenticated.
|