On 08/20/2015 11:55 AM, James B. Byrne wrote: > > On Wed, August 19, 2015 12:24, Kai Bojens wrote: >> On 19-08-15 08:30:27, Alice Wonder wrote: >> >>> e-mail by its very design is not secure, SMTP creates "Man In The >>> Middle" at every server along the way. >> >> DANE exists and mail servers like postfix support this. My logfiles >> show me that mail.centos.org delivers straight to me without any >> servers along the way. >> >>> I'm not saying they shouldn't implement TLS on the list server, just >>> not sure what the privacy or security benefit really would be. >> >> Encryption ensures that third parties simply cannot follow their >> "collect all" strategy. > > However, this is a mailing list. And all messages sent through this > mailing list are archived and published as web documents. It seems to > me that insofar as Centos ML comsec is concerned STARTTLS would not > add any measurable degree of security or privacy. > > But there is a fair point that most archives of mailing lists on the web make some attempt to hide the e-mail addresses from spambots.