[CentOS] TLS for all CentOS websites but not for smtp?

Wed Aug 19 19:33:59 UTC 2015
Fabian Arrotin <arrfab at centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19/08/15 15:56, Kai Bojens wrote:
> Hello everybody, I just got the email about the enforcing of HTTPS
> for the CentOS Websites which I really appreciate:
> 
> „The CentOS Project infra team has decided to implement TLS
> wherever we can (…)”
> 
> Does anybody know if and when mail.centos.org will be able to
> deliver its mails with STARTTLS? There seems to be no support for
> STARTTLS at all:
> 
> $: openssl s_client -connect mail.centos.org:25 -starttls smtp (…) 
> didn't found starttls in server response, try anyway...

Thanks for the comment.

As said, we were targeting first the websites, but we can also
investigate what would be needed and the possible impacts of
implementing that for SMTP traffic.
But, as other people said it too, it depends on what you want to
secure/encrypt, and gnupg can also be used for that, despite the smtp
server[s] included in the chain.

My (personal) opinion is "if you want to secure/encrypt", use gpg.
Adding TLS on top of smtp for the transport itself can be a good idea.
Let me just start a thread with the other guys and see what we can
come with.
That will not be priority #1 though, as we're also working on other
things, like using FAS for central auth for resources like
cbs.centos.org and git.centos.org.

Kind Regards,

- -- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlXU2icACgkQnVkHo1a+xU4jMwCfW2gfE8o6ALEqzcTXSBq5+jx0
P4YAn2vl/qlxOieW6oYRO2kXZijrsZmL
=Tgek
-----END PGP SIGNATURE-----