On 19/08/15 17:50, Alice Wonder wrote:
On 08/19/2015 09:24 AM, Kai Bojens wrote:
On 19-08-15 08:30:27, Alice Wonder wrote:
e-mail by its very design is not secure, SMTP creates "Man In The Middle" at every server along the way.
DANE exists and mail servers like postfix support this. My logfiles show me that mail.centos.org delivers straight to me without any servers along the way.
DANE just pins the certificate.
I'm not saying they shouldn't implement TLS on the list server, just not sure what the privacy or security benefit really would be.
Encryption ensures that third parties simply cannot follow their "collect all" strategy.
That's a fair point.
But it's a public mailing list??
I can understand why you may want to send some mail encrypted point to point, but not when you then publish said mail on a publicly accessible archived list. It's just adding unnecessary overhead.