[CentOS] TLS for all CentOS websites but not for smtp?

Wed Aug 19 18:02:51 UTC 2015
Ned Slider <ned at unixmail.co.uk>


On 19/08/15 17:50, Alice Wonder wrote:
> 
> 
> On 08/19/2015 09:24 AM, Kai Bojens wrote:
>> On 19-08-15 08:30:27, Alice Wonder wrote:
>>
>>> e-mail by its very design is not secure, SMTP creates "Man In The
>>> Middle" at every server along the way.
>>
>> DANE exists and mail servers like postfix support this. My logfiles
>> show me that mail.centos.org delivers straight to me without any
>> servers along the way.
> 
> DANE just pins the certificate.
> 
>>
>>> I'm not saying they shouldn't implement TLS on the list server, just
>>> not sure what the privacy or security benefit really would be.
>>
>> Encryption ensures that third parties simply cannot follow their "collect
>> all" strategy.
> 
> That's a fair point.

But it's a public mailing list??

I can understand why you may want to send some mail encrypted point to
point, but not when you then publish said mail on a publicly accessible
archived list. It's just adding unnecessary overhead.