[CentOS] TLS for all CentOS websites but not for smtp?
Alice Wonder
alice at domblogger.net
Thu Aug 20 19:05:38 UTC 2015
On 08/20/2015 11:55 AM, James B. Byrne wrote:
>
> On Wed, August 19, 2015 12:24, Kai Bojens wrote:
>> On 19-08-15 08:30:27, Alice Wonder wrote:
>>
>>> e-mail by its very design is not secure, SMTP creates "Man In The
>>> Middle" at every server along the way.
>>
>> DANE exists and mail servers like postfix support this. My logfiles
>> show me that mail.centos.org delivers straight to me without any
>> servers along the way.
>>
>>> I'm not saying they shouldn't implement TLS on the list server, just
>>> not sure what the privacy or security benefit really would be.
>>
>> Encryption ensures that third parties simply cannot follow their
>> "collect all" strategy.
>
> However, this is a mailing list. And all messages sent through this
> mailing list are archived and published as web documents. It seems to
> me that insofar as Centos ML comsec is concerned STARTTLS would not
> add any measurable degree of security or privacy.
>
>
But there is a fair point that most archives of mailing lists on the web
make some attempt to hide the e-mail addresses from spambots.
More information about the CentOS
mailing list