I cannot judge what other stuff this feature competes with, thats really upto you.
Neither is it up to me. If you feel it is important then do something. Try to help fix it ? You have the bug reference. Please add to it.
But I do object to the line of thought that this does not guarantee anything. It does not guarantee protection against mitm attack: that is certainly true.
And that effectively stops your argument in its tracks. It will currently
guarantee nothing. It may help. It may make encrypted connections to some servers, and equally it may not.
But it does guarantee that more and more email-delivery sent from an SME server cannot trivially be intercepted and scanned by numerous intermediate ip-hosts that are in between the origin server and receiving email-server. The encryption of all internet-traffic is an important task.
Only if you can control the entire chain between your server and the receiving server.
And currently you cannot do that. As I mentioned before, you also make the assumption that the receiving server is actually the final link in the chain. There may be other private servers behind the public server that you can't see.
Yes it MAY help. No guarantees.
Therefore this change add non-trivially to the privacy protection of users of the server.
I never said it was a non trivial issue.
Now you may find privacy important or not, but please do not downplay the privacy factor.
I find it very important, and hence trying to ensure other users reading this don't think they would have a water tight solution. This about clarity, nor personal opinion.
Privacy is not the same as security.
They tend to go hand in hand.....
For instance my server is in the netherlands. All mail to Gmail is scanned by at least NSA and UK secret service. When its encrypted, they cannot routinely read it. When its not encrypted they can. Surely they can mitm my server, but in practice they wont do that with most servers.
So you worry about transmitting mail to Gmail? And don't worry that a) it's read by Google and b) the spooks can get to it if they want to anyway (I would imagine it's easier to read it IN Google than hacking an encrypted connection...... I believe with the rise in encryption that attacking endpoints is more important to them these days.)
The only system to reasonably guarantee encrypted communications between two people is with PGP. And then you have to assume the spooks can't control you phone.... or Google, or Apple or.....
Yes, it may well be nice to add encrypted mail transport to SME, and I too wish the world would get a move on with this. However with the state of play in the world at the minute, adding it to SME is not going to cure every connection. It will be a hit and miss affair depending on intermediate servers and the receiving server.
Currently that is a lot of work for not a lot of guarantees. Security is only as good as the weakest link, and other users need to understand this.
Note I am extremely conscious of both privacy and security. I worked with Dan Brown to integrate Letsencrypt into SME server. I have built RPMS for IPsec and L2TPD/IPsec vpn to secure my own communications.
My point is that this may help. It may be a nice add on. But it is not currently the panacea that you think it is.
34 Replies
10290 Views