Re: TLS for all CentOS websites but not for smtp?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, August 19, 2015 12:24, Kai Bojens wrote:
> On 19-08-15 08:30:27, Alice Wonder wrote:
>
>> e-mail by its very design is not secure, SMTP creates "Man In The
>> Middle" at every server along the way.
>
> DANE exists and mail servers like postfix support this. My logfiles
> show me that mail.centos.org delivers straight to me without any
> servers along the way.
>
>> I'm not saying they shouldn't implement TLS on the list server, just
>> not sure what the privacy or security benefit really would be.
>
> Encryption ensures that third parties simply cannot follow their
> "collect all" strategy.

However, this is a mailing list.  And all messages sent through this
mailing list are archived and published as web documents.  It seems to
me that insofar as Centos ML comsec is concerned STARTTLS would not
add any measurable degree of security or privacy.


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux