Archived posting to the Leica Users Group, 2000/12/18
My profession is internet engineer. I've designed, built, and operated internet email systems for a long time. While it is true that email traffic passes through intermediate machines, it is much less true that the email messages are reconstituted at those intermediate points. One of the most important principles of engineering high-performance internet transport equipment is to store as little information as possible. "Get it in; get it out". The engineering rules by which the internet is built actually forbid, specifically, the reconstituting of email messages at undocumented waypoints, and I don't know of a single equipment vendor or software package that would dream of breaking this rule.

When A sends a message to B, the processing looks like this:

1. A determines the "next hop", or "mail exchanger". Call this "C".
2. A opens a stream connection to C.
3. A breaks up the message into individual IP packets and sends them to C.
4. C reconstitutes the message and queues it for delivery to B.
5. If C=B, then the message has arrived.
6. If C is not equal to B, then C must repeat the process: pretend that C is A and follow steps 1 through 5.

In step 3, the packets can take many diverse paths, but the message is never stored or reconstituted at the waypoints. This is a security advantage, actually: there is no place that you can connect a listening device, except the two ends, that is guaranteed to hear the traffic for snooping purposes. This makes the FBI's famous "Carnivore" device still require physical access to one of the two ends of the connection. Carnivore works because most people get their mail delivered to an ISP.

By contrast, once a telephone circuit is set up, there are many points that it can be tapped, and it is relatively easy to find them. If any part of a telephone conversation passes through some waypoint, then all of it does. There is no concept of chopping the phone call into pieces and sending them over divergent paths. Well, there is with digital cell phones.

About a dozen times in the last 20 years I've had to cooperate with law enforcement people who had a search warrant and who wanted to monitor the email of someone whose email service I had control over; I've spent many hours trying (legally) to tap into other people's email. It's very hard, unless you can get insider access to the computers operated by the recipient's ISP, in which case it is very easy.

Realistically, the only place where it is worthwhile trying to wiretap email is to tap into the same computer that the recipient uses to check his mail. Basically, you try to grab their mail out of their mailbox before they see it. It's generally a waste of time to try to grab it anywhere else.
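
The hop-by-hop relay in steps 1 through 6 leaves a record in the delivered message: each mail exchanger that reconstitutes and queues it prepends a `Received:` trace header. The following is an added example, not part of the original post, that lists the machines that held the complete message; it goes beyond the post by relying on those headers, and the hostnames, addresses and queue ids are constructed.

```python
import re
from email import message_from_string

# Constructed sample: A (host-a) -> C (mx.relay) -> B (mail.isp-b).
# Relays prepend their header, so the newest hop appears first.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [192.0.2.20])
\tby mail.isp-b.example with ESMTP id 2222
\tfor <bob@isp-b.example>; Mon, 18 Dec 2000 10:00:07 -0800
Received: from host-a.example (host-a.example [192.0.2.10])
\tby mx.relay.example with ESMTP id 1111
\tfor <bob@isp-b.example>; Mon, 18 Dec 2000 10:00:03 -0800
From: alice@host-a.example
To: bob@isp-b.example
Subject: test

body
"""

# "from <sender> ... by <receiver>" inside one (possibly folded) header value.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def storage_hops(raw):
    """Return (sender, receiver) pairs in the order the message travelled."""
    headers = message_from_string(raw).get_all("Received") or []
    hops = []
    for value in reversed(headers):  # oldest hop first
        match = HOP_RE.search(value)
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops

def machines_holding_full_message(raw):
    """Return every host that stored the whole message: the two ends plus each relay."""
    hops = storage_hops(raw)
    if not hops:
        return []
    hosts = [hops[0][0]]
    for _, receiver in hops:
        if receiver != hosts[-1]:
            hosts.append(receiver)
    return hosts

if __name__ == "__main__":
    # Headers written by upstream hosts can be forged; trust only those
    # added by machines you operate when reading a real message.
    print(machines_holding_full_message(SAMPLE))
```

Routers that forwarded the individual packets in step 3 never appear in this list, because they never held the message as a whole.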