dovecot - Jul 2020 - SV: SV: Outlook vs Thunderbird

Am 07.07.2020 um 18:11 schrieb Sebastian Nielsen:
> Plaintext access is no problem if the connection is secured via other means
- for example internal network or VPN.
> If the IMAP server cannot be accessed from the outside, and the traffic
don't travel over wifi or public networks, no danger.
First of all, please keep answers on the mailing list only. Obviously I 
am subscribe and I don't need to get your reply twice, by list 
distribution and in addition to my personal address.

And top-posting is another thing you should avoid.

To your answer: I disagree and see that you have a false understanding 
of security. You want service protocol encryption (here for IMAP or 
POP3) from end to end. Nothing which breaks up encryption in between.

That's valid for any size of environment. You may judge the risk is 
tolerable in case you run you own small setup where you are the only 
user. But I replied to Mark's note where he wrote about ~100 clients. So 
he either running an IMAP service for clients - where it is 
inresponsible to not teach them about security and instead lower the 
protection to none - or administering a company network for which end to 
end service encryption is a must too.

Alexander

Sorry about that, its just outlook that does that by default. But manually
deleted your adress now in reply.
I don't know what you mean with "top posting"?

What I mean is that if you have another security on the connection (be it
physical security - the connection doesn't go over public means, or VPN -
connection level encryption) then you don't need another encryption on top
of that.

Of course you must judge other risks in the physical enviroment - if a hacker
connects his laptop to a guest wifi or reception RJ45 port and ARP spoofs -
whats gonna happen? So you must of course segment and separate those networks
from your internal LAN (so a hacker is now gonna need a access badge to even get
a foot into the internal LAN), and also activate static ARP in your switches so
even if a hacker ARP spoofs (from an infected client inside internal LAN),
nothing gonna come out of the pipe.


-----Ursprungligt meddelande-----
Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r
Alexander Dalloz
Skickat: den 7 juli 2020 18:30
Till: dovecot at dovecot.org
?mne: Re: SV: Outlook vs Thunderbird

Am 07.07.2020 um 18:11 schrieb Sebastian Nielsen:
> Plaintext access is no problem if the connection is secured via other means
- for example internal network or VPN.
> If the IMAP server cannot be accessed from the outside, and the traffic
don't travel over wifi or public networks, no danger.
First of all, please keep answers on the mailing list only. Obviously I am
subscribe and I don't need to get your reply twice, by list distribution and
in addition to my personal address.

And top-posting is another thing you should avoid.

To your answer: I disagree and see that you have a false understanding of
security. You want service protocol encryption (here for IMAP or
POP3) from end to end. Nothing which breaks up encryption in between.

That's valid for any size of environment. You may judge the risk is
tolerable in case you run you own small setup where you are the only user. But I
replied to Mark's note where he wrote about ~100 clients. So he either
running an IMAP service for clients - where it is inresponsible to not teach
them about security and instead lower the protection to none - or administering
a company network for which end to end service encryption is a must too.

Alexander



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: S/MIME Cryptographic Signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20200707/132559b5/attachment-0001.p7s>

On 2020.07.07. 20:00, Sebastian Nielsen wrote:
> I don't know what you mean with "top posting"?
It means, your answer is above text you are replying to.

--
KSB

On Tue, Jul 07, 2020 at 07:00:23PM +0200, Sebastian Nielsen
wrote:
> Sorry about that, its just outlook that does that by default.
Consider migrating to a MUA that, unlike Outlook, understands mailing
lists.

For example, Mutt (which definitely sucks less than Outlook):
http://www.mutt.org/doc/manual/#using-lists

> I don't know what you mean with "top posting"?
Read this: https://www.netmeister.org/news/learn2quote2.html#ss2.3

That FAQ was written for Usenet, but also applies to email.

-- 
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.