UK government is trying to get into iCloud end-to-end encryption. (Again?)
Makes me think about email servers too. Most of my private information is in emails, and not only I use a service where the host machines access the email, so do almost everyone I email to/from.
Here’s hoping Apple sticks to their guns and pulls adp instead of caving.
In case you didn’t see it a few weeks ago, 3.3 million servers are doing unencrypted transport.
The way email delivery is handled also means you’re not safe just because you aren’t talking to those servers.
Wow, thank you for this! But it looks like IMAP and POP, not server-to-server. And how would one of these severs compromise security if not one of the end points?
SMTP is only encrypted if the second server responds correctly to the first servers starttls.
The striptls type of attack, which prevents the servers from getting a valid starttls exchange, was in use over a decade ago by some telcom against its own customers.
Even if you know the person you’re emailing has a correctly configured client you can’t control a man in the middle attack between servers which has been in widespread use for years.