Linked by Thom Holwerda on Thu 12th Apr 2012 08:59 UTC
Internet & Networking
I would honestly serve at the altar of the person that did this. Keep the debugging information, but for the love of god, make your email client do something pretty and useful with it.

Yes, exactly my point! Why then would you trust your post boy (mail server) not to take a peek inside the envelope if it carries sensitive information? That's actually an argument *for* end-to-end encryption!

I know it is - I was arguing in favour of encryption the whole time *facepalm*

Because TLS is necessarily two-way and hop-by-hop. You can't establish a TLS session via e-mail itself, the round-trip for salt exchange and other protocol setup would be just terrible. That's why we have things like S/MIME and PGP.

I'm aware of that, but even just TLS is a huge step up from where we currently are. However, I wasn't saying the encryption method had to be TLS, I just said it should be a requirement in the protocol / specification rather than an add-on provided by the client.

At least with enforced TLS, it means that even lazy developers are forced to encrypt communications and it prevents any interception. It "just" doesn't account for hacked mail relays.

Score: 2