On 12/10/18 6:58 PM, Alice Wonder wrote:
It is the responsibility of the client to not send if the connection is not secure, if the client wants to guarantee security for those it sends for. Using a reduced cipher lists means there is less illusion of security where it doesn't actually exist.
This philosophy is partly because my government has an organization called the NSA that spies on its own citizens. It is known they log encrypted traffic.
If mediocre ciphers that are "secure" today are allowed, then tomorrow when they are broken, the NSA may be able to decrypt that logged traffic. So plain text is better to me because it does not give the illusion the communication is private when it may only be temporarily private.
-- For signature trust anchor (paranoid only need worry 'bout this): https://ca.pipfrosch.com/pipfrosch-cacert-pem.crt Webmail clients, sorry, out of luck, you can't import it. Get an actual e-mail app.
smime.p7s
Description: S/MIME Cryptographic Signature
