Linked by Thom Holwerda on Thu 12th Apr 2012 08:59 UTC
Internet & Networking I would honestly serve at the altar of the person that did this. Keep the debugging information, but for the love of god, make your email client do something pretty and useful with it.
Permalink for comment 513934
To read all comments associated with this story, please click here.
phoenix
Member since:
2005-07-11

TLS transmission on SMTP between mail servers really doesn't make much sense. What's the purpose of TLS? To add confidentiality and security. Mail servers don't care about that, the end users do. OpenPGP and S/MIME serve just this purpose and are in wide usage because of it.


It's even worse in that encrypted SMTP connections only happen between SMTP clients and servers that support it. Meaning, your e-mail client may use TLS to connect to your SMTP server, and your SMTP server may use TLS to connect to the next SMTP server in the chain .. but there's no guarantee that the next SMTP server will support TLS .. meaning the message goes through unencrypted.

TLS, SASL, and other encryption/authentication methods are really only useful if you control *EVERY* SMTP client and server in the chain. Which really only makes it useful for remote workers connecting in to the corporate mail system to send internal mail.

It's analogous to paper mail. If I want to transmit confidential data, I sure as hell don't trust my mailman and the whole mail delivery chain to keep my secrets. I encrypt my messages at home and all I require the mail service to do is deliver them.


I like using the "postcard in an envelope" analogy when explaining e-mail to people. It really brings home the point that "anyone handling the message en-route can read it".

Reply Parent Score: 4