[Freedombox-discuss] DNS std for Freedomboxes? [was Re: Establishing Communication between Freedomboxes]

bertagaz at ptitcanardnoir.org bertagaz at ptitcanardnoir.org
Wed Aug 3 07:47:55 UTC 2011


On Wed, Aug 03, 2011 at 11:37:58AM +0800, Sandy Harris wrote:
> On Wed, Jul 20, 2011 at 2:53 AM, Tony Godshall <togo at of.net> wrote:
> 
> > Any downside to letting your adversary know what domains you are
> > emailing to?  Well, the mice probably don't want the octopus to know that
> > they are emailing via @octopusnotsogreat.org?  But then again SMTP
> > itself is not encrypted either...
> 
> There is an opportunistic SSL-based encryption option for SMTP.
> http://tools.ietf.org/html/rfc3207

Sure, but as always with SSL, this is completely efficient only if you are
able to first verify the certificate... This is still better than nothing
but isn't a complete protection.

AFAIK a monkeysphere implementation for SMTP is being worked on. This
won't completely address the issue but will certainly help.

> Any two servers with that set up will automatically encrypt all mail
> transfers. If the Box runs a mail server, I'd say enabling that is a
> no-brainer.
> 
> The only question is whether, when the other server does not support
> it, the Box should proceed with unencrypted transfer, or bounce the
> mail back to the user with some "cannot send securely" message,
> or try some alternate routing method.
> 
> There's also "Using TLS with IMAP, POP3 and ACAP"
> http://tools.ietf.org/html/rfc2595
> 
> That covers the client-to-server transfer of mail. If the Box runs a
> mail server, that's another obvious requirement.
> 
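
The fallback question and the certificate caveat discussed in this thread, as an added example that is not part of the original messages or of any FreedomBox code. The policy names, `negotiate` and `CannotSendSecurely` are hypothetical; `conn` is assumed to be an `smtplib.SMTP`-like object.

```python
import ssl

# Policy names are assumptions for this example, mirroring the options in the thread.
OPPORTUNISTIC = "opportunistic"   # encrypt if offered, otherwise send in the clear
REQUIRE_TLS = "require"           # encrypted or bounce; certificate not checked
REQUIRE_VERIFIED = "verified"     # encrypted and certificate verified, or bounce


class CannotSendSecurely(Exception):
    """Raised so the caller can bounce the mail back to the user."""


def tls_context(policy):
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    if policy != REQUIRE_VERIFIED:
        # Unverified TLS stops passive eavesdropping only, not an active
        # man-in-the-middle presenting its own certificate.
        ctx.check_hostname = False       # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def negotiate(conn, policy):
    """Return 'tls-verified', 'tls-unverified' or 'plaintext', or raise."""
    conn.ehlo()
    if not conn.has_extn("starttls"):
        # A missing STARTTLS line may be genuine or stripped on the path;
        # the client cannot tell the difference.
        if policy == OPPORTUNISTIC:
            return "plaintext"
        raise CannotSendSecurely("peer did not offer STARTTLS")
    try:
        conn.starttls(context=tls_context(policy))
    except ssl.SSLError as exc:  # includes certificate verification failures
        # The connection is unusable after a failed handshake; a caller that
        # wants plaintext fallback has to reconnect.
        raise CannotSendSecurely(f"TLS handshake failed: {exc}") from exc
    conn.ehlo()  # RFC 3207: re-issue EHLO once the TLS layer is up
    return "tls-verified" if policy == REQUIRE_VERIFIED else "tls-unverified"
```

With a real server, `conn` would be `smtplib.SMTP(host, 25)`, and a `CannotSendSecurely` exception maps to the "cannot send securely" bounce.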