[CentOS] TLS for all CentOS websites but not for smtp?

Thu Aug 20 16:37:56 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Wed, August 19, 2015 2:33 pm, Fabian Arrotin wrote:
> Hash: SHA1
> On 19/08/15 15:56, Kai Bojens wrote:
>> Hello everybody, I just got the email about the enforcing of HTTPS
>> for the CentOS Websites which I really appreciate:
>> „The CentOS Project infra team has decided to implement TLS
>> wherever we can (
>> Does anybody know if and when mail.centos.org will be able to
>> deliver its mails with STARTTLS? There seems to be no support for
>> STARTTLS at all:
>> $: openssl s_client -connect mail.centos.org:25 -starttls smtp (
>> didn't found starttls in server response, try anyway...
> Thanks for the comment.
> As said, we were targeting first the websites, but we can also
> investigate what would be needed and the possible impacts of
> implementing that for SMTP traffic.
> But, as other people said it too, it depends on what you want to
> secure/encrypt, and gnupg can also be used for that, despite the smtp
> server[s] included in the chain.
> My (personal) opinion is "if you want to secure/encrypt", use gpg.
> Adding TLS on top of smtp for the transport itself can be a good idea.
> Let me just start a thread with the other guys and see what we can
> come with.

I 100% agree with gpg. TLS/SSL I would only consider necessary if you have
to authenticate with your SMTP server for having it send your message for
you. For everything else as far as SMTP is concerned TLS/SSL does not add
anything thus is not necessary IMHO.

Just my $0.02.


> That will not be priority #1 though, as we're also working on other
> things, like using FAS for central auth for resources like
> cbs.centos.org and git.centos.org.
> Kind Regards,
> - --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
> Version: GnuPG v2.0.22 (GNU/Linux)
> iEYEARECAAYFAlXU2icACgkQnVkHo1a+xU4jMwCfW2gfE8o6ALEqzcTXSBq5+jx0
> P4YAn2vl/qlxOieW6oYRO2kXZijrsZmL
> =Tgek
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247