On 19/08/15 17:50, Alice Wonder wrote: > > > On 08/19/2015 09:24 AM, Kai Bojens wrote: >> On 19-08-15 08:30:27, Alice Wonder wrote: >> >>> e-mail by its very design is not secure, SMTP creates "Man In The >>> Middle" at every server along the way. >> >> DANE exists and mail servers like postfix support this. My logfiles >> show me that mail.centos.org delivers straight to me without any >> servers along the way. > > DANE just pins the certificate. > >> >>> I'm not saying they shouldn't implement TLS on the list server, just >>> not sure what the privacy or security benefit really would be. >> >> Encryption ensures that third parties simply cannot follow their "collect >> all" strategy. > > That's a fair point. But it's a public mailing list?? I can understand why you may want to send some mail encrypted point to point, but not when you then publish said mail on a publicly accessible archived list. It's just adding unnecessary overhead.