On Sun, 18 Nov 2012 09:50:20 +0100 JÃrÃmy Bobbio <lunar@xxxxxxxxxx> wrote: > With Postfix and probably other mail servers, you can configure a > per server TLS policy. You can make sure that the communication with > SMTP servers used by your peers is properly encrypted (and not > MITM'ed). It makes interception a lot harder. > > And you can be sure that what you receive in your mailbox will not be > harvested for data collection. Unfortunately, you are never alone: > this also depends on the server used to send the email... i.e. you can't actually be sure of anything. Unless you control every link from sender to your server, you should assume your message can be (or even has been) intercepted. So your peers encrypt their traffic to you; doesn't mean that traffic to them was encrypted, nor does it mean that plaintext messages can't be plucked straight from their queues. While you gain the possibility to control your own storage, you don't control anything that any intermediaries (or those watching your intermediaries) store. This massively limits your advantage, while you have to deal with all the headaches that come with running a mail server. It worries me that this point isn't better understood. It's the same faulty reasoning that leads to people wanting 1-hop Tor routes. Control of your end and trusting the other end is not enough. Do you gain something? Technically yes. Is it enough to phase your adversaries? Almost certainly not. Having a fully anonymised mail service would be of benefit, but just running your own server doesn't even come close to providing adequate security, because SMTP *is insecure by design*. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012@xxxxxx>
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk