On Wed, August 19, 2015 12:24, Kai Bojens wrote:
On 19-08-15 08:30:27, Alice Wonder wrote:
e-mail by its very design is not secure, SMTP creates "Man In The Middle" at every server along the way.
DANE exists and mail servers like postfix support this. My logfiles show me that mail.centos.org delivers straight to me without any servers along the way.
I'm not saying they shouldn't implement TLS on the list server, just not sure what the privacy or security benefit really would be.
Encryption ensures that third parties simply cannot follow their "collect all" strategy.
However, this is a mailing list. And all messages sent through this mailing list are archived and published as web documents. It seems to me that insofar as Centos ML comsec is concerned STARTTLS would not add any measurable degree of security or privacy.
On 08/20/2015 11:55 AM, James B. Byrne wrote:
On Wed, August 19, 2015 12:24, Kai Bojens wrote:
On 19-08-15 08:30:27, Alice Wonder wrote:
e-mail by its very design is not secure, SMTP creates "Man In The Middle" at every server along the way.
DANE exists and mail servers like postfix support this. My logfiles show me that mail.centos.org delivers straight to me without any servers along the way.
I'm not saying they shouldn't implement TLS on the list server, just not sure what the privacy or security benefit really would be.
Encryption ensures that third parties simply cannot follow their "collect all" strategy.
However, this is a mailing list. And all messages sent through this mailing list are archived and published as web documents. It seems to me that insofar as Centos ML comsec is concerned STARTTLS would not add any measurable degree of security or privacy.
But there is a fair point that most archives of mailing lists on the web make some attempt to hide the e-mail addresses from spambots.
-
Alice Wonder -
James B. Byrne -
Kai Bojens