[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Thierry Volpiatto] debbugs.gnu.org doesn't support TLS
|
From: |
Stefan Monnier |
|
Subject: |
Re: [Thierry Volpiatto] debbugs.gnu.org doesn't support TLS |
|
Date: |
Wed, 25 Nov 2020 21:04:38 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
Thanks Bob,
Indeed, I don't think there's any hurry. It's just one of those things
that we should eventually get to fix.
Stefan
Bob Proulx [2020-11-25 18:42:10] wrote:
> There is a movement to encrypt everything. I understand this. I even
> encourage it. However I do not think SMTP is ready to move to
> requiring TLS as a hard requirement. In my own server logs on a
> server that offers TLS I still see many non-TLS connections. If
> someone requries TLS I believe there will be many servers that are
> going to be problematic. More systems than just debbugs will not be
> offering opportunistic TLS connections.
>
> Remember that requiring TLS does not guarentee that the email being
> sent is always encrypted, or sent to the right place. For example
> most SMTP servers offering STARTTLS are using a self-signed
> certificate. One cannot validate the certificate offered. Therefore
> it might be a malicious MITM and yet it would be a TLS connection. Or
> it might be an MX relay and the next hop after that might not use TLS.
>
> Really at best SMTP with STARTTLS is an opportunistically encrypted
> connection only. That's good.
>
> For a variety of reasons it isn't trivial to enable for debbugs at the
> moment. We can't just flip a switch for it. But I think I know of a
> way to make this work. A little bit of patience as we can see about
> making this available. (Glenn, I'll see what I can do.)
>
> Bob
>
> Glenn Morris wrote:
>>
>> Forwarded to help-debbugs@gnu.
>>
>> Sorry, I'm not working on debbugs.gnu.org anymore.
>> (I think the address to use for debbugs help is well advertised?)
>> If you get no response from help-debbugs, please escalate to sysadmin@gnu.
>>
>> ------- start of forwarded message -------
>> Date: Fri, 06 Nov 2020 15:49:48 -0500
>> From: Stefan Monnier <monnier@iro.umontreal.ca>
>> To: Glenn Morris <rgm@gnu.org>
>> Subject: [Thierry Volpiatto] debbugs.gnu.org doesn't support TLS
>> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
>>
>> --=-=-=
>> Content-Type: text/plain
>>
>> Hi Glenn,
>>
>> I got a message pointing out that TLS-encrypted SMTP is becoming
>> standard and that debbugs.gnu.org is apparently not keeping up with that
>> standard, preventing for example posteo.de users from using the
>> "TLS-sending guarantee"
>> https://posteo.de/en/help/activating-tls-sending-guarantee
>>
>> Could you look into it or forward it appropriately?
>>
>>
>> Stefan
>>
>>
>>
>> --=-=-=
>> Content-Type: message/rfc822
>> Content-Disposition: inline
>> Content-Transfer-Encoding: 8bit
>>
>> From: Thierry Volpiatto <thievol@posteo.net>
>> To: monnier@iro.umontreal.ca
>> Subject: debbugs.gnu.org doesn't support TLS
>> Date: Fri, 06 Nov 2020 20:39:18 +0100
>> Message-ID: <87tuu21di1.fsf@posteo.net>
>>
>>
>> Salut Stefan,
>>
>> semblerait que le serveur que vous utilisez ne supporte pas TLS:
>>
>> <44486@debbugs.gnu.org>: TLS is required, but was not offered by host
>> debbugs.gnu.org[209.51.188.43]
>>
>> Regardes ici:
>>
>> https://posteo.de/en/help/activating-tls-sending-guarantee
>>
>> J'ai du d=C3=A9sactiver "TLS-sending guarantee" pour envoyer une r=C3=A9pon=
>> se.
>>
>> Par contre en envoyant le bug =C3=A0 bug-gnu-emacs@gnu.org je n'ai pas eu ce
>> probl=C3=A8me.
>>
>> J'ai pr=C3=A9f=C3=A9r=C3=A9 t'envoyer =C3=A7a en priv=C3=A9...
>>
>> Merci A+.
>>
>> --=20
>> Thierry
>>
>>
>> --=-=-=--
>>
>> ------- end of forwarded message -------
>>