On Friday, 6 September 2019, 14:37:23 CEST, Cyborg via Exim-users wrote:
> Article 32 p 1 EU GDPR states that the transport of personal data has
> to be protected,

I know that cr**, but:

- just "forcing" TLS is not "securing", because many servers until today use certificates without a certificate signed from the x509 CA "mob" (BA - who financed the "encrypt everything" campaign in EU, W3org and others).
- if a user decides to send his emails without encryption (senders as recipients in Email are responsible for their "own side", incl. MX as MTA on their side) - if they (for whatever reason) decide not to use encryption (i.e. because they are only allowed to send unencrypted because of their local law), this should be "their thing".

This EU law is still producing a huge amount of new law insecurity (because of i.e. contradictory rules as policies with very wide rooms for interpretations) and existential fines (for companies - not really for public / gov entities for which services you can't decide...) are existential.

By this law, even a post card (service) could be "violating"...

The internet is a global network of non geolocatable users and it is ugly how that EU law is still affecting non-EU companies (see i.e. the destroyed WHOIS of many non-EU Registries) and limits our access to non EU news sources and other services, because they block "EU" users 451 to avoid any "trouble".

Don't get me wrong here - I'm a huge fan of personal data security in the meaning of informational self determination and encryption is (only) one important tool for - but this law works vice versa / abusive in reality.

There are many options for Email users to "secure" their Email against what they want (we know, there is no "100% secure against anything...") - i.e. by deciding for any kind of security-granting provider, (foreign) VPN services or by really end-to-end encrypting their stuff with PGP or S/MIME.

> That's also the reason why you have
> to use https with contact forms in websites since 2016 )

...so that users "know they are secure without checking by themselves that the lock is closed" - while that's not true (but the business principle of the BA CA "mob" until today). Which user is checking only one Certificate Path in reality?

just my .02$,

niels.

--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/