Search Mailing List Archives
[liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients
Fabio Pietrosanti (naif) - lists
lists at infosecurity.ch
Sat Oct 31 12:02:21 PDT 2015
so, the in-transit email encryption problem isn't yet solved.
The uses of opportunistic encryption with SMTP STARTTLS help, but also
this is out of the end-user control.
An email users, using a desktop, mobile or webmail client, doesn't have
any way to know if his email messages, already received or going to be
sent, will be encrypted in-transit with SMTP STARTTLS.
We are missing the ability for end-user to:
- KNOW if emails being received from Mr. X has been in-transit encrypted.
- KNOW if emails he's going to send to Mr. X are likely going to be
That's something that can be implemented with a Thunderbird plug-in and
with a Chrome plug-in (for mostly used WebMails).
we know that 96% of Gmail traffic in Tunisia is being downgraded it's
Well, without a technical analysis it would had not been possible to
know about that, unless if all the end-users would be given the
possibility by email|webmail clients to know about it.
That's a piece of technology i'd really love to see being implemented
before or later, giving back to end-users the awareness of their email
Whenever some project with knowledge about Thunderbird and Chrome
plug-in development would like to work on it, it would be amazing
If Mozilla and Google would implement that in their email clients, it
would be even cooler!
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
More information about the liberationtech