On 14.03.2024 at 11:58:24, Slavko via mailop wrote:

> On 14. 3. at 10:21, Andrew C Aitchison via mailop wrote:
> 
> > Given that TLS encryption in SMTP is hop-by-hop rather than
> > end-to-end, I am not convinced that this is a significant reduction
> > in security.  
> 
> Of course, SMTP is hop-by-hop by design, but how important is that 
> hop-by-hop nowadays? Open relays are gone, source routing is gone, 
> forwarding is not as simple as it was in the past (it must be done
> properly)...

Forwarding (e.g. forwarding as attachment etc.) is still a thing and if
it is about security, I only trust e2e encrypted mails to be not
eavesdropped. Everything else is just a guess and nothing else.

> I mean that one will deliver the message to the recipient's MX host
> directly, not over random (unknown) hops; in the worst case it will
> deliver it to a backup MX (but that doesn't have to be a random hop).
> Thus we can assume the target MX as the final target in the public net.

Some use a service as a backup MX. You don't have control over that.
TLS encryption uses additional resources and sometimes it will be
considered to disable it on some server to save resources (I have
already heard such a discussion).

> Of course, in some (most?) cases the target MX host will not be the final 
> delivery target and will forward the message to some MDA, eventually over 
> multiple MTAs, but I will consider that as an internal thing (secured in 
> some way).

Don't assume it is in any way secured. In most cases, it isn't (e.g. by
IPsec etc.).
There can be a forward to another domain that is completely unsecured.

> IMO in most cases it is reasonable to forget about the hop-by-hop nature
> of SMTP as an argument nowadays. Or am I missing something?

No, I don't think so, just some cases are unlikely today.

-- 
kind regards
Marco
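
Added example (not part of the original message): a recipient-side check of which hops in a message's `Received:` chain claim TLS, using the RFC 3848 `with` keywords (ESMTPS/ESMTPSA mean STARTTLS was used on that hop). The sample message, host names and queue ids are constructed, and every `Received:` line is self-reported by the server that added it, so the result is evidence about each hop rather than proof.

```python
import email
import re

# RFC 3848 "with" protocol keywords: the S variants mean the hop used STARTTLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN_WITH = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

# Constructed sample: submission and first relay use TLS, backup MX -> final MX does not.
SAMPLE = (
    "Received: from mx2.backup.example (mx2.backup.example [192.0.2.20])\n"
    "\tby mail.example.net (Postfix) with ESMTP id 4AAA; Thu, 14 Mar 2024 12:00:03 +0100\n"
    "Received: from out.sender.example (out.sender.example [203.0.113.5])\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tby mx2.backup.example (Postfix) with ESMTPS id 4BBB; Thu, 14 Mar 2024 12:00:02 +0100\n"
    "Received: from laptop.sender.example by out.sender.example with ESMTPSA id 4CCC;\n"
    "\tThu, 14 Mar 2024 12:00:01 +0100\n"
    "Subject: constructed test message\n\nbody\n"
)

def _strip_comments(text):
    """Drop (possibly nested) comments such as '(using TLSv1.3 with cipher ...)'."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def _field(keyword, clause):
    """Return the token following 'from', 'by' or 'with', or None if absent."""
    match = re.search(rf"\b{keyword}\s+(\S+)", clause, re.I)
    return match.group(1) if match else None

def hop_report(raw_message):
    """List hops in travel order; tls is True, False, or None when the keyword is unknown."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # newest header is first
        # Unfold, remove comments, and cut the trailing date after the last ';'.
        clause = _strip_comments(" ".join(value.split())).rsplit(";", 1)[0]
        name = (_field("with", clause) or "").upper() or None
        tls = True if name in TLS_WITH else False if name in PLAIN_WITH else None
        hops.append({"from": _field("from", clause), "by": _field("by", clause),
                     "with": name, "tls": tls})
    return hops

def unprotected_hops(hops):
    """Receiving hosts for every hop that did not claim TLS."""
    return [hop["by"] for hop in hops if hop["tls"] is not True]
```

On the constructed sample the only hop without TLS is the one from the backup MX to the final MX, which is the part of the path the sender never sees.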