The secure security option for K-9 isn't TLS, but SSL/TLS. K-9 could care
less whether your connection is WIFI or mobile data.
Andy Figueroa
On 3/2/19 2:00 PM, Greg Troxel wrote:
Dmitry Alexandrov <[email protected]> writes:
Are you using TLS for SMTP/IMAP?
If not, set up TLS and start your analysis over :-) (Seriously, not
having TLS and being even a little bit concerned about security do not
go together.)
He apparently uses opportunistic encryption (STARTTLS) for some
reason. In such a case a paranoid default behaviour of a server might
be understandable (yet not tolerable, if it is not optional).
I think it's necessary to separate:
1) connect and just be unencrypted
2) connect, try STARTTLS, and continue on success or failure
3) connect, try STARTTLS, and disconnect on failure
4) connect via forced-on TLS (a la https)
I don't see that 3 is worse than 4. 1 is obviously bad, and 2 should
give confidentiality from eavesdroppers but fails with active attackers.
However, a typical wifi has an active attacker called a captive portal.
I only ask as there are times whilst out and about, that K9 will synchronise
email accounts irrespective of the connection.
It actually should not. It used to have an option to perform an
encryption in a truly opportunistic way, but it was removed years ago
(cf. daea7f1ec). What version do you use?
I think he means "connect over TLS and sync".
Anyway, you really do not want to use STARTTLS instead of full-plate
TLS, if your server supports it (if they are so concerned about
security, they ought to).
Why, if the client (or server) disconnects if TLS is not negotiated?
Are you using a VPN? If not, would it help with the above security
concerns?
Would not it be rather superfluous here?
It depends on the security concerns. If the issue is revealing that you
want to connect to your personal IMAP server, because that lets the wifi
operator track your presence, then a VPN (not to your server :-) might
help. That's why I asked, or meant to ask, what the threat model and
security concerns were.
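
The four connection modes listed in the quoted message, modelled in Python as an added example that is not part of the original thread and is not K-9's code. The two network paths, their server replies and the `tls_ok` flag are constructed for illustration; `tls_ok` stands for "a certificate-validated TLS handshake can complete on this path".

```python
from enum import Enum

class Mode(Enum):
    PLAINTEXT = 1          # 1) connect and just be unencrypted
    STARTTLS_OPTIONAL = 2  # 2) try STARTTLS, continue on success or failure
    STARTTLS_REQUIRED = 3  # 3) try STARTTLS, disconnect on failure
    IMPLICIT_TLS = 4       # 4) forced-on TLS from the first byte

# Constructed path: the real server answers directly.
HONEST = {
    "capability": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "starttls": "a2 OK Begin TLS negotiation now",
    "tls_ok": True,
}
# Constructed path: an on-path box removes STARTTLS from the cleartext
# capability list and holds no valid certificate for the mail host.
STRIPPED = {
    "capability": "* CAPABILITY IMAP4rev1 AUTH=PLAIN",
    "starttls": "a2 BAD Unknown command",
    "tls_ok": False,
}

def negotiate(mode, path):
    """Return 'tls', 'plaintext' or 'disconnect' for one connection attempt."""
    if mode is Mode.PLAINTEXT:
        return "plaintext"
    if mode is Mode.IMPLICIT_TLS:
        # No cleartext phase exists, so there is nothing to strip.
        return "tls" if path["tls_ok"] else "disconnect"
    # STARTTLS modes: the capability list and the STARTTLS reply both travel
    # in cleartext, so either can be altered before the client sees them.
    advertised = "STARTTLS" in path["capability"].upper().split()
    accepted = advertised and path["starttls"].split()[1].upper() == "OK"
    if accepted:
        # Upgrade was agreed; a failed handshake ends the connection.
        return "tls" if path["tls_ok"] else "disconnect"
    if mode is Mode.STARTTLS_REQUIRED:
        return "disconnect"   # mode 3 refuses to continue unencrypted
    return "plaintext"        # mode 2 silently falls back

def outcomes(path):
    """Map each mode name to its result on the given path."""
    return {m.name: negotiate(m, path) for m in Mode}

if __name__ == "__main__":
    for name, path in (("honest", HONEST), ("stripped", STRIPPED)):
        print(name, outcomes(path))
```

On the stripped path, modes 3 and 4 both end in a disconnect, while mode 2 ends up in plaintext without any error.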