On Sat, May 10, 2014 at 9:13 PM, Michael Torrie <[email protected]> wrote:
> On 05/10/2014 08:51 PM, plug.mailing-list wrote:
> > I would argue that when 'expected' a self-signed cert is *more*
> > secure than one from a CA.
> >
> > The cert should only affect your connections to the mailserver, and
> > not influence your ability to send/receive email to/from other
> > servers.
>
> Absolutely correct.
>
> Server to server smtp can use TLS, but it's not required and won't buy
> you any security since each relay opens the envelope anyway, so if the
> NSA is listening as mail relays through then TLS won't help.
>
> Only your clients who need to authenticate before sending mail, or
> checking their inboxes, need TLS or SSL. If you need your e-mail
> messages to be secure, then gnupg on both ends is your only real choice.
> Though that leaves the envelope itself exposed. SMTP cannot help us
> there.
>

Server to server is still worth encrypting. Unless the NSA is poisoning DNS or doing man-in-the-middle, then it does buy you some additional security. You as a user still have to be concerned with your provider eavesdropping or the stored messages being leaked, and for that end-to-end encryption like PGP is the only solution.

Corey
