help-debbugs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Thierry Volpiatto] debbugs.gnu.org doesn't support TLS


From: Bob Proulx
Subject: Re: [Thierry Volpiatto] debbugs.gnu.org doesn't support TLS
Date: Wed, 25 Nov 2020 18:42:10 -0700

There is a movement to encrypt everything.  I understand this.  I even
encourage it.  However I do not think SMTP is ready to move to
requiring TLS as a hard requirement.  In my own server logs on a
server that offers TLS I still see many non-TLS connections.  If
someone requries TLS I believe there will be many servers that are
going to be problematic.  More systems than just debbugs will not be
offering opportunistic TLS connections.

Remember that requiring TLS does not guarentee that the email being
sent is always encrypted, or sent to the right place.  For example
most SMTP servers offering STARTTLS are using a self-signed
certificate.  One cannot validate the certificate offered.  Therefore
it might be a malicious MITM and yet it would be a TLS connection.  Or
it might be an MX relay and the next hop after that might not use TLS.

Really at best SMTP with STARTTLS is an opportunistically encrypted
connection only.  That's good.

For a variety of reasons it isn't trivial to enable for debbugs at the
moment.  We can't just flip a switch for it.  But I think I know of a
way to make this work.  A little bit of patience as we can see about
making this available.  (Glenn, I'll see what I can do.)

Bob

Glenn Morris wrote:
> 
> Forwarded to help-debbugs@gnu.
> 
> Sorry, I'm not working on debbugs.gnu.org anymore.
> (I think the address to use for debbugs help is well advertised?)
> If you get no response from help-debbugs, please escalate to sysadmin@gnu.
> 
> ------- start of forwarded message -------
> Date: Fri, 06 Nov 2020 15:49:48 -0500
> From: Stefan Monnier <monnier@iro.umontreal.ca>
> To: Glenn Morris <rgm@gnu.org>
> Subject: [Thierry Volpiatto] debbugs.gnu.org doesn't support TLS
> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
> 
> --=-=-=
> Content-Type: text/plain
> 
> Hi Glenn,
> 
> I got a message pointing out that TLS-encrypted SMTP is becoming
> standard and that debbugs.gnu.org is apparently not keeping up with that
> standard, preventing for example posteo.de users from using the
> "TLS-sending guarantee"
> https://posteo.de/en/help/activating-tls-sending-guarantee
> 
> Could you look into it or forward it appropriately?
> 
> 
>         Stefan
> 
> 
> 
> --=-=-=
> Content-Type: message/rfc822
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
> 
> From: Thierry Volpiatto <thievol@posteo.net>
> To: monnier@iro.umontreal.ca
> Subject: debbugs.gnu.org doesn't support TLS
> Date: Fri, 06 Nov 2020 20:39:18 +0100
> Message-ID: <87tuu21di1.fsf@posteo.net>
> 
> 
> Salut Stefan,
> 
> semblerait que le serveur que vous utilisez ne supporte pas TLS:
> 
> <44486@debbugs.gnu.org>: TLS is required, but was not offered by host
>     debbugs.gnu.org[209.51.188.43]
> 
> Regardes ici:
> 
> https://posteo.de/en/help/activating-tls-sending-guarantee
> 
> J'ai du d=C3=A9sactiver "TLS-sending guarantee" pour envoyer une r=C3=A9pon=
> se.
> 
> Par contre en envoyant le bug =C3=A0 bug-gnu-emacs@gnu.org je n'ai pas eu ce
> probl=C3=A8me.
> 
> J'ai pr=C3=A9f=C3=A9r=C3=A9 t'envoyer =C3=A7a en priv=C3=A9...
> 
> Merci A+.
> 
> --=20
> Thierry
> 
> 
> --=-=-=--
> 
> ------- end of forwarded message -------
> 



reply via email to

[Prev in Thread] Current Thread [Next in Thread]