by magicalist 4318 days ago
What? The connection between gmail.com and outlook.com is exactly what the GP is talking about.

I agree that user confusion might result in a false sense of security, but it's ridiculous to assert that because there may be other weak links that "there's very little utility" to ensuring that email is sent over an encrypted connection between servers. In fact you could make the same claim about the TLS lock icon in the browser, as all you know is you have a secure connection to that server, you have no idea how they're actually treating the data you send to them.

I like the GP's idea. Have a little secure red/green based on an attempt to negotiate a connection with the destination server(s) while you're writing the email, then, if the server says it supports encryption, only send the email over an encrypted connection, else show an error message of some sort. Not for all users at first, maybe, but SMTP over TLS is obviously getting common enough now that it should be more or less required soon.
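
The check proposed in the comment above, sketched as an added example (not part of the original comment): parse the destination's EHLO reply for STARTTLS to drive the compose-time indicator, then fail closed at send time instead of falling back to plaintext. The function names, the sample EHLO replies, and the choice to require a verifiable certificate in `probe` are assumptions made for this illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies for illustration; not captured from real servers.
EHLO_WITH_TLS = "250-mx.example.net Hello\r\n250-SIZE 35882577\r\n250-starttls\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mx.example.org Hello\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

def ehlo_extensions(reply):
    """Extension keywords (upper-cased) from a multi-line 250 EHLO reply."""
    exts = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for ln in lines[1:]:  # first line is the greeting, not an extension
        if ln[:3] == "250" and ln[3:4] in ("-", " ") and ln[4:].split():
            exts.add(ln[4:].split()[0].upper())
    return exts

def indicator(reply):
    """Compose-time light: green only if the destination advertises STARTTLS."""
    return "green" if "STARTTLS" in ehlo_extensions(reply) else "red"

def send_decision(compose_light, tls_established):
    """Fail closed: never fall back to plaintext delivery."""
    if compose_light != "green":
        return "error: destination does not offer STARTTLS"
    if not tls_established:
        return "error: STARTTLS was offered but no TLS session was established"
    return "send"

def probe(mx_host, timeout=10):
    """Live check (needs network). Returns (advertised, tls_established)."""
    with smtplib.SMTP(mx_host, 25, timeout=timeout) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return (False, False)
        try:
            # Assumption: require a certificate that verifies for mx_host.
            s.starttls(context=ssl.create_default_context())
        except (smtplib.SMTPException, ssl.SSLError):
            return (True, False)
        return (True, True)
```

The second error case matters because the STARTTLS advertisement itself travels in cleartext, so a server that looked green while composing can appear to lose the capability, or fail the handshake, by the time the message is sent.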