by tialaramex 2512 days ago
And for email that's only looking for Opportunistic Encryption.

On the deliver-to-Google side that's only checking if they bothered doing TLS, and doesn't try to guess whether they'd fall back to insecure delivery if it was blocked, whether they check certificates, whether they allow archaic old ciphersuites and other configuration that's unsafe or anything like that.

On the accept-mail-from-Google side that's not penalising them if they don't have plausibly trustworthy certificates, or they don't speak any modern ciphersuites or protocol versions, only if they literally can't accept TLS.

Google offers an envelope versus postcard analogy, and that's exactly appropriate. Opportunistic encryption, like the envelope, means probably a postal delivery worker didn't bother reading your letter; it'd be a hassle. But anyone who is in the snooping business, like an intelligence agency or a direct adversary, OE doesn't stop them.
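
A small model of the distinction drawn in the comment above, added here as an illustration and not part of the original comment: a sender that falls back to plaintext and one that requires verified TLS score the same on a "was TLS used" metric, and only differ once STARTTLS is unavailable. The EHLO replies, the host `mx.example.net`, and the names `deliver`, `tls_used_share`, `OPPORTUNISTIC` and `STRICT` are constructed for this sketch.

```python
from dataclasses import dataclass

# Constructed EHLO replies (not captured traffic). In the second one the STARTTLS
# line is missing, as when an on-path device blocks the upgrade.
EHLO_NORMAL = "250-mx.example.net\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
EHLO_BLOCKED = "250-mx.example.net\n250-SIZE 35882577\n250 8BITMIME"

@dataclass
class Delivery:
    sent: bool
    encrypted: bool
    cert_verified: bool

def parse_ehlo(reply):
    """Return the extension keywords advertised in a multi-line EHLO reply."""
    caps = set()
    for line in reply.splitlines()[1:]:  # first line only names the server
        if line.startswith("250") and len(line) > 4:
            caps.add(line[4:].split()[0].upper())
    return caps

def deliver(ehlo, cert_ok, require_tls, verify_cert):
    """Model one delivery attempt under a hypothetical sender policy."""
    if "STARTTLS" not in parse_ehlo(ehlo):
        # Opportunistic senders fall back to plaintext; strict senders defer.
        return Delivery(sent=not require_tls, encrypted=False, cert_verified=False)
    if verify_cert and not cert_ok:
        return Delivery(sent=False, encrypted=False, cert_verified=False)
    return Delivery(sent=True, encrypted=True, cert_verified=verify_cert)

def tls_used_share(deliveries):
    """The only thing the metric sees: share of sent messages that used TLS."""
    sent = [d for d in deliveries if d.sent]
    return sum(d.encrypted for d in sent) / len(sent) if sent else 0.0

OPPORTUNISTIC = dict(require_tls=False, verify_cert=False)
STRICT = dict(require_tls=True, verify_cert=True)

if __name__ == "__main__":
    for name, policy in (("opportunistic", OPPORTUNISTIC), ("strict", STRICT)):
        normal = deliver(EHLO_NORMAL, cert_ok=True, **policy)
        blocked = deliver(EHLO_BLOCKED, cert_ok=True, **policy)
        print(name, "metric:", tls_used_share([normal]), "| when blocked:", blocked)
```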