[Freedombox-discuss] Email Encryption Basics
Eugen Leitl
eugen at leitl.org
Fri Nov 16 07:35:03 UTC 2012
On Thu, Nov 15, 2012 at 04:48:50PM -0500, Sandy Harris wrote:
> The Box should, I think, support a webmail interface because
> that is what many people are used to. That should use SSL
> encryption by default; this protects mail on the wire or in the
> air between the server and your desktop or laptop.
>
> The box should also support Start TLS.
> http://en.wikipedia.org/wiki/STARTTLS
> That can protect non-web interfaces between server and
> user, POP or IMAP, and also server-to-server mail
> exchange.
Most attempted delivery from dynamic user space will
bounce, and requiring smarthosts clashes both with
the zero administration requirement and adds an additional
point of attack.
There is no really good way to interoperate with mail
delivery on the greater Internet, so I would just make FBX
a part of a working darknet, e.g. cjdns (which allows
you some limited anonymity, yet ability to de-peer
offenders), and just let postfix additionally accept
everything from within fc00::/8.
Notice that cjdns has a Debian package, though
unmaintained, and uses very few resources (there
is an OpenWRT package for embedded routers).
More information about the Freedombox-discuss
mailing list