On Wed, Aug 03, 2011 at 11:37:58AM +0800, Sandy Harris wrote:
> On Wed, Jul 20, 2011 at 2:53 AM, Tony Godshall <t...@of.net> wrote:
>
> > Any downside to letting your adversary know what domains you are
> > emailing to? Well, the mice probably don't want the octopus to know that
> > they are emailing via @octopusnotsogreat.org? But then again SMTP
> > itself is not encrypted either...
>
> There is an opportunistic SSL-based encryption option for SMTP.
> http://tools.ietf.org/html/rfc3207

Sure, but as always with SSL, this is completely efficient only if you are
able to first verify the certificate... This is still better than nothing
but isn't a complete protection. AFAIK a monkeysphere implementation for
SMTP is being worked on. This won't completely address the issue but will
certainly help.

> Any two servers with that set up will automatically encrypt all mail
> transfers. If the Box runs a mail server, I'd say enabling that is a
> no-brainer.
>
> The only question is whether, when the other server does not support
> it, the Box should proceed with unencrypted transfer, or bounce the
> mail back to the user with some "cannot send securely" message,
> or try some alternate routing method.
>
> There's also "Using TLS with IMAP, POP3 and ACAP"
> http://tools.ietf.org/html/rfc2595
>
> That covers the client-to-server transfer of mail. If the Box runs a
> mail server, that's another obvious requirement.
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
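
The fallback question raised in the quoted message (send in the clear or bounce when the peer does not offer STARTTLS), combined with the certificate check mentioned in the reply, as an added Python example that is not part of the original thread. The `require_tls` flag, the function names and the sample EHLO replies are assumptions constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from real servers).
EHLO_WITH_TLS = "250-mx.example.org Hello\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mx.example.net Hello\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

def ehlo_extensions(reply):
    """Return the upper-cased extension keywords from a raw EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:          # line 0 is the greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            keyword = line[4:].split(" ", 1)[0]
            if keyword:
                exts.add(keyword.upper())
    return exts

def decide(extensions, require_tls):
    """'starttls' when offered; otherwise 'bounce' (strict) or 'plaintext'."""
    if "STARTTLS" in extensions:
        return "starttls"
    return "bounce" if require_tls else "plaintext"

def deliver(host, sender, rcpt, message, require_tls, port=25):
    """Send one message, applying decide() to what the peer advertises."""
    context = ssl.create_default_context()       # verifies chain and hostname
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        action = decide({k.upper() for k in smtp.esmtp_features}, require_tls)
        if action == "bounce":
            raise RuntimeError("cannot send securely: %s offers no STARTTLS" % host)
        if action == "starttls":
            smtp.starttls(context=context)       # raises ssl.SSLError if verification fails
            smtp.ehlo()                          # RFC 3207: re-issue EHLO after TLS
        smtp.sendmail(sender, [rcpt], message)
    return action

if __name__ == "__main__":
    # Offline demonstration on the constructed replies above.
    for name, reply in (("with TLS", EHLO_WITH_TLS), ("no TLS", EHLO_NO_TLS)):
        exts = ehlo_extensions(reply)
        print(name, decide(exts, require_tls=False), decide(exts, require_tls=True))
```

With `require_tls=False` the absence of STARTTLS in the peer's reply silently results in cleartext delivery, which is the trade-off the quoted message asks about.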