On 01/11/2016 11:11 PM, Volker Kuhlmann wrote:
On Sun 10 Jan 2016 13:53:43 NZDT +1300, criggie wrote:
This GMX claim is "secure-washing" at best.
GMX is a LOT further than any NZ ISP will be for some time.
The large European (or at least the German) ISPs agreed a while ago to
raise minimum standards:
* Email amongst each other is only transported on encrypted channels.
* Plain text logins (IMAP, POP, SMTP, anything) will be shut down after
a certain date (which has long passed).
* (I believe) The really useless ciphers won't be used any more.
I'm not too worried about email sitting unencrypted on a continental-
European server, especially a German one. They operate under privacy
legislation Kiwis can only dream of. For anything better I use gpg.
ISPs in this neck of the woods seem to argue "it's always insecure, so
why do anything". I know one who can't even install certificates
properly, customers insisting on ecrypted logins seem to be a rare
species - i.e. encryption is optional and not even encouraged. Pathetic.
Technically calling GMX "secure" is incorrect, but "much more secure" is
definitely true.
Btw I noticed that Posteo has put up an English user interface. They are
about as good as it gets. http://posteo.nz
Volker
"from cantva.canterbury.ac.nz (cantva.canterbury.ac.nz [132.181.2.27])
by server2.greengecko.co.nz (8.14.4/8.14.4) with ESMTP id u0BACAIq028580
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for
<[email protected]>; Mon, 11 Jan 2016 21:12:14 +1100"
This is the received header from your post - it's generated by my
server, so can be trusted at least by me. Most servers try and use
secure channels if available, but as this is not universal you have to
have a fallback for a more* guaranteed delivery. I offer, Canterbury
University uses it. ( verify=NO just means that it didn't check the
cert/CA: it's still sent encrypted ).
Anyone who believes a server is safer depending on its location is being
a bit niaive IMO. It's down to the owners on how well it's protected,
not the local legislation!
Steve
*mail delivery is a minefield of idiotic rules and hoops that you have
to jump through... there's the odd whim involved too to increase your
'reputation'. For example, a classic I found last year is that if you
use IPv6, you're immediately less reliable, and tainted IPv6 addresses
are stored at a /64 granularity! If you want to preserve your sanity and
hair, just use one of the big boys and let them worry. Me = masochist.
sendmail rules.
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
