(I mostly agree with Paul, I'm just continuing the discussion for the beauty of it)
> You do not have to do what is "doable". You have to do whatever is
> *practical*. Investing in armoured vehicles to transfer your data is
> certainly "doable", but not really "practical".

Doable, practical, reasonable. I consider "doable" something that makes sense in a given context, but if you take it literally, yeah, that wasn't precise enough.

> unless it's sensitive information, it is probably fine to send it unencrypted
> or using a lesser encryption

[...]

> Most emails do NOT contain sensitive information

You probably don't know that, but you actually should know*. So in doubt, use encryption. Nobody will blame you for using it, but you could be blamed for not doing so. Even if your current system doesn't do encryption, it's the opportunity to check if another system could, and maybe upgrade. Not having the proper tools isn't an excuse.

> People often think 'Ooh, my emails are sent using TLS1.3 encryption - no one
> can see them, they're safe'. Nothing could be further from the truth.

Using TLS1.3 for emails is a step towards securing data. Man in the middle is not impossible, but harder to do. Not doing TLS because "pff the whole transport isn't 100% secure anyway" is, in addition to a bad idea, clearly reprehensible.

* I'm using "you" generally, not specifically about Paul. If you are an ESP, then you should have a data privacy agreement with your clients to describe what content could be there and what is done with it. If you're a sender using an ESP, you should have a DPA with your provider, and ask them to enforce TLS and other "practical" methods to secure the transportation of information.

--
Benjamin

-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Paul Smith
Sent: Tuesday 18 December 2018 15:45
To: mailop@mailop.org
Subject: Re: [mailop] TLS Statistics

On 18/12/2018 13:54, Benjamin BILLON wrote:
> One of the basic principles of GDPR however is that whatever is doable should be
> done to keep personal information safe. So if you have the feature to use
> encryption, you must use it. Nowadays in Europe, opportunistic TLS would be
> the bare minimum.

You do not have to do what is "doable". You have to do whatever is *practical*. Investing in armoured vehicles to transfer your data is certainly "doable", but not really "practical".

So, yes, if strong email encryption is available, use it, but if it's not, then, unless it's sensitive information, it is probably fine to send it unencrypted or using a lesser encryption. Your data risk assessments should let you know whether that's OK or not. GDPR is quite pragmatic in that way.

Most emails do NOT contain sensitive information. Email addresses & names are not 'sensitive information'. Financial & medical details are 'sensitive information'.

If you had to use encryption, then using session encryption will most definitely NOT keep sensitive data safe. The mail could be processed by or stored by multiple servers, including those which may not be subject to GDPR, and those will have access to the message data if you are only using session encryption. The details & locations of the servers which can access the mail data will not be known to most email users (in fact, unless both sender and recipient mail admins get together to discuss it, NO ONE will know which servers have access to a particular message).

People often think 'Ooh, my emails are sent using TLS1.3 encryption - no one can see them, they're safe'. Nothing could be further from the truth.

--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop