On Mon, Aug 18, 2014 at 12:24:43PM -0400, Mark H. Wood wrote: > Sure, it does encrypt mail. My SMTP has mail from me to deliver. It > contacts an SMTP that it thinks can get the mail closer to its > addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they > handshake, and the rest of the session, including MAIL FROM, RCPT TO, > and my mailgram following the DATA, is encrypted over the wire.
The connection is encrypted, not the mail itelf. SSL/TLS behave like a tunnel. The end result is the same, but the details are different. Much like on OpenSSH tunnel, where SSH does not know anything of the data moving through the tunnel, STARTTLS knows nothing about the data going through its tunnel. > You mean those webmail thingies that I never use? There's so much we > don't know about their security practices that I wasn't even thinking > about such services. My remark was focused on the scenario above: > there is a local MUA, a local MTA and a remote MTA. No, I mean the POP3S/IMAPS/SMTPS/MAPIS protocols your MUA, and other SMTP MTAs connects to. Not HTTPS. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
pgp2Xw45OQOkz.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
