nanog mailing list archives
Re: opportunistic email encryption by the MTA (not MUA)
From: "Brian J. Murrell" <brian () interlinx bc ca>
Date: Fri, 15 Jan 2021 07:22:40 -0500
On Fri, 2021-01-15 at 03:33 -0800, Randy Bush wrote:
> email from a friend who uses protonmail as their MTA suddenly started to be opportunistically encrypted with pgp; i.e. the sender's MUA did nothing to cause the encryption. i believe this started when i provided my pgp public key over WKD [0].
Interesting. When I read the subject though, I have to admit that I was hoping your e-mail was going to be about REQUIRETLS/RFC8689. It's a real pity that there appears to be no real-world use/implementation of RFC8689.

I think in practice the old adage that "e-mail is insecure" is becoming untrue, by a significant amount, I suspect, due to the prevalence of STARTTLS. The problem with STARTTLS of course is that it is opportunistic only and with no way for the sender to indicate that a message MUST use TLS or not be delivered at all.

I routinely send things by e-mail that, while they are not the combination to the big safe at Fort Knox, they are not something I would staple to utility poles. When doing such I will typically look up the MXes for the recipient and test their SMTP port for STARTTLS to see if the mail will at least ride the wires with TLS. It would be so much easier to have a checkbox in my MUA to do this though. :-)

All of that said, thanks for the pointer to WKD. I didn't know about that. Use of it at the MTA level is interesting.

Cheers,
b.
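The manual check described in the message above (testing a recipient's MX for STARTTLS before sending), written out as an added example that is not part of the original post. The function names and the `example.net` EHLO replies are constructed for illustration; `probe()` needs outbound access to port 25 and takes an MX hostname you have already looked up.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
SAMPLE_BEFORE = "250-mx1.example.net\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME"
SAMPLE_AFTER = "250-mx1.example.net\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n250-REQUIRETLS\r\n250 8BITMIME"
SAMPLE_NO_TLS = "250-mx2.example.net\r\n250-PIPELINING\r\n250 8BITMIME"


def ehlo_keywords(reply: str) -> set:
    """Extract extension keywords from a raw multi-line 250 EHLO reply."""
    words = set()
    for line in reply.splitlines()[1:]:  # line 1 names the server, not an extension
        if line[:3] == "250" and line[3:4] in ("-", " "):
            fields = line[4:].split()
            if fields:
                words.add(fields[0].upper())  # keywords are case-insensitive
    return words


def classify(before_tls: set, after_tls: set = frozenset()) -> str:
    """Summarise what one MX offers, from the EHLO sets seen before/after TLS."""
    if "STARTTLS" not in before_tls:
        return "cleartext-only"           # mail to this MX crosses the wire unencrypted
    if "REQUIRETLS" in after_tls:         # RFC 8689 keyword, looked for in the post-TLS EHLO
        return "starttls+requiretls"
    return "starttls"                     # opportunistic TLS only


def probe(mx_host: str, timeout: float = 10.0) -> str:
    """Live check of one MX host; raises ssl.SSLError if the certificate fails."""
    ctx = ssl.create_default_context()    # verifies chain and hostname (stricter than
                                          # what an opportunistic sending MTA enforces)
    with smtplib.SMTP(mx_host, 25, timeout=timeout) as s:
        s.ehlo()
        before = {k.upper() for k in s.esmtp_features}
        if "STARTTLS" not in before:
            return classify(before)
        s.starttls(context=ctx)
        s.ehlo()                          # extension list must be re-read after TLS
        return classify(before, {k.upper() for k in s.esmtp_features})
```

A `"starttls"` result only says that TLS is offered at the moment of the probe; it does not stop a later delivery from falling back to cleartext, which is the gap REQUIRETLS is meant to close.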
