On Wed, 2009-09-02 at 14:55 -0400, grarpamp wrote: > > you can be absolutely certain that all your comms will be recorded/stored > >> That's why there are things like VPN, IMAP/POP over SSL and StartTLS. > > Which only covers your transit to them. All your mail > between providers is still wide open. > > > (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) > > Exactly. Everyone on the net seriously needs to be turning > on oppurtunistic encryption for all services. Crypto has little > cpu cost these days compared to the gain in privacy. > > The last bit would be to store the data encrypted. That's easy > at the provider spindles, but breaks down if you want to provide your > own key for it. So you're left with OpenPGP, FUSE, etc. > > Anyhow, whoever was going to put a table of providers > up on the wiki with little columns for https, imaps, pop3s, smtps, > 'verification/tracking' requirements, etc... deserves some thanks. I'll gladly do that / start that given a list of publicly available mail providers (i.e. no invite system, like Gmail after it stopped needing invites and before it started needing SMS). I'm waiting on the person who posted the first list to post a sanitized one.
Attachment:
signature.asc
Description: This is a digitally signed message part