On Tue, May 3, 2022 at 10:51 PM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
Of course, having email transmitted in cleartext creates lots of
nontrivial problems also. It's just that we regard those problems as
"normal", or pretend that they don't exist.
How much do we think 'transmitted in cleartext' exists anymore?
Hadn't all of the large email vendors basically forced TLS on the smtp path ~4-5yrs back?
Hasn't imap (without TLS) been non-supported by pretty much everyone for ~10+yrs?
Hasn't imap (without TLS) been non-supported by pretty much everyone for ~10+yrs?
Is the problem you (and to some extent John) point out actually data-at-rest and not data-in-flight?
(and that if the email itself is not encrypted the MTAs in path will have the ability to snoop at the content, of course)
(and that if the email itself is not encrypted the MTAs in path will have the ability to snoop at the content, of course)