/c/cybersecurity - Cybersecurity News & Discussion

2121 readers

1 users here now

A community for technical news and discussion of cybersecurity and closely related topics.

founded 4 years ago

MODERATORS

[email protected]

email TLS question (lemmy.ml)

submitted 9 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Infomaniak claims to use TLS, but

The first link in the TLS chain is executed via a purely internal network by the webmail and Smtp servers and is not available in TLS for performance reasons.

is this normal, acceptable, irrelevant, standard, a red flag?

they are the biggest hosting provider of Switzerland, so I somehow have a hard time believing, they lack resources to implement TLS right.

you are viewing a single comment's thread
view the rest of the comments

[–] olosta 5 points 9 months ago (1 children)

The gain would be that an attacker having a foothold on the internal network (by having a physical access or hacking a device on it) would be able to sniff and modify outgoing emails.

I'm a bit sceptical about the performance claim on modern hardware.

That said it's not a completely unreasonable tradeoff.

[–] [email protected] 5 points 9 months ago (1 children)

If an attacker is already inside and has access to a server, they have bigger problems to worry about.