[CentOS] TLS for all CentOS websites but not for smtp?

Thu Aug 20 19:05:38 UTC 2015
Alice Wonder <alice at domblogger.net>


On 08/20/2015 11:55 AM, James B. Byrne wrote:
>
> On Wed, August 19, 2015 12:24, Kai Bojens wrote:
>> On 19-08-15 08:30:27, Alice Wonder wrote:
>>
>>> e-mail by its very design is not secure, SMTP creates "Man In The
>>> Middle" at every server along the way.
>>
>> DANE exists and mail servers like postfix support this. My logfiles
>> show me that mail.centos.org delivers straight to me without any
>> servers along the way.
>>
>>> I'm not saying they shouldn't implement TLS on the list server, just
>>> not sure what the privacy or security benefit really would be.
>>
>> Encryption ensures that third parties simply cannot follow their
>> "collect all" strategy.
>
> However, this is a mailing list.  And all messages sent through this
> mailing list are archived and published as web documents.  It seems to
> me that insofar as CentOS ML comsec is concerned STARTTLS would not
> add any measurable degree of security or privacy.
>
>

But there is a fair point that most archives of mailing lists on the web 
make some attempt to hide the e-mail addresses from spambots.