POP and IMAP both have secure versions of these protocols using either STARTTLS or TLS (TLS is a rework of the protocol that used to be delivered by the more familiar protocol SSL). We use them to collect or check the email on the server. So let’s take that as a second example and consider POP (it is 2018 but some people still do use it despite the issues within a multi-device access environment), and IMAP.
HORDE VS ROUNDCUBE VS SQUIRRELMAIL REDDIT PASSWORD
How would you feel about typing in your username and password to a server that had no certificate, no padlock, was showing as not secure? Well, you are probably going to want to avoid that on the whole unless you are within a very controlled and trusted environment. Sorry, what? HTTP? Well yes – Webmail, Outlook Web Access, SmarterMail, Horde, RoundCube, Squirrel – you may or may not be aware – but there is usually a web interface to get to your email. Let us also consider how we interact with email, and how email interacts with other servers – to the point of writing a list: Let’s jump back to email again – specifically “encrypted email”. Irrespective of whether the certificate is in date, or the name you called the server versus its Common Name – if the certificate is in place – and the keys are secure – then the connection is. It would take someone with access, skills, motivation, and possibly most critically a whole bunch of time to see the contents of the traffic passing between the two IF they did not have access to one of the ends of that conversation. We know what we are looking for to indicate that the connection between that browser and the remote server is encrypted end to end. Specifically, lets talk about the address bar, and what goes on there when you visit a site that is secured with an SSL certificate (albeit hopefully a TLS certificate – it lives zombie-like as the Floppy Disk as the save icon). Let’s transpose this away from email and talk about web pages. Well, I believe the confusion is coming from where the encryption is found. For example a quick straw poll around an office of engineers, and only a third have GPG or PGP keys… the chances are Aunty Mable and Cousin Steve are going to found wanting too. The issue is that it’s not as easy as falling off a log, and some people don’t have logs.
There are plenty of formal methods of hard, weapons-grade encryption such as PGP, GPG, or even SMIME if that is more your bag.
It needs to work without thought, and it needs to be ubiquitous. So much so that it continues to plague us in the future: The Death Star Plans would have been secure from the prying eyes of those pesky Rebels.Įncryption – to work for more mass consumption needs to be transparent. Here follow some words on where I think this is coming from, why it is so prevalent, and why we have it covered here at Hosting UK.Įncrypted data at rest is an ever evasive panacea. Thankfully it’s the right stick – but the wrong end. Sure enough, a further Google/DuckDuckGo/Bing/Weapon Of Choice suggests that this is a common issue or query string. It was so out of the blue that it left me speechless for a moment, before realising where the request was coming from. I had an enquiry yesterday regarding the necessity for encrypted emails to be GDPR compliant.
0 kommentar(er)
