> Given that TLS encryption in SMTP is hop-by-hop rather than end-to-end,
> I am not convinced that this is a significant reduction in security.

Wouldn't it be because you assume that at some point, the security will be either non-existent or low (TLS 1.0/1.1 or fallback to unsecured transaction), which is the entire point of forcing to upgrade the security?

Or, if I take the idea the other way around, assuming that "TLS encryption in SMTP is hop-by-hop" and implying that some hop won't be as secure, isn't then having TLS encryption a false sense of security?

(If my message appears aggressive or disrespectful, I'm sorry, that isn't my intention).

On Thu, 14 Mar 2024 at 10:24, Andrew C Aitchison via mailop <mailop@mailop.org> wrote:

> On Thu, 14 Mar 2024, Marco Moock via mailop wrote:
>
> > On 14.03.2024, Cyril - ImprovMX via mailop <mailop@mailop.org> wrote:
> >
> >> But in my opinion, moving the needle upward by not accepting
> >> deprecated versions would force those users to be compliant and
> >> improve the general security.
> >
> > Most of them will simply fall back to no encryption. That is the
> > default setting and only a small amount of servers makes using STARTTLS
> > mandatory for outgoing mail - too many situations when it fails.
>
> Given that TLS encryption in SMTP is hop-by-hop rather than end-to-end,
> I am not convinced that this is a significant reduction in security.
>
> For IMAP and POP, encryption is end-to-end, but there you know, and
> presumably have control over, your users.
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop