On 08/19/2015 09:24 AM, Kai Bojens wrote: > On 19-08-15 08:30:27, Alice Wonder wrote: > >> e-mail by its very design is not secure, SMTP creates "Man In The >> Middle" at every server along the way. > > DANE exists and mail servers like postfix support this. My logfiles > show me that mail.centos.org delivers straight to me without any > servers along the way. DANE just pins the certificate. > >> I'm not saying they shouldn't implement TLS on the list server, just >> not sure what the privacy or security benefit really would be. > > Encryption ensures that third parties simply cannot follow their "collect > all" strategy. That's a fair point.