David Kaufman wrote:
> > Perhaps I'm missing something, but are the OpenSRS servers really
> > using SSL to encrpt email?
>
> they're not encrypting the *message* (as in PGP), but rather the
That was my first thought - that they provided an option to receive PGP
encrypted mail. Of course this response from support set me straight:
---- > SSL encryption is done at the server level as opposed to PGP which is done > by the client. > > Since this has nothing to do with OpenSRS RSP support, I do not have any > technical details. Please contact your Email provider to determine whether > or not they support SSL encryption. ----> they should offer opt-out, though. even with SSL protection in transit, > once delivered to the recipient's SMTP server, plaintext emails tend to > lay around in mail spools (sometimes on shared servers where anyone on > the box can peruse them), get forwarded to remote mailboxes, etc.
Indeed...especially if one isn't expecting the message.
> Josh, want me to use this method to try and steal your password, just to > prove to opensrs that the opt-out should be an option? :-)
;-) I hope that won't be necessary...
--Josh Levine
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:45 EDT