[Ach] Statistics/Surveys of smtps/starttls support

Aaron Zauner azet at azet.org
Thu May 21 22:28:43 CEST 2015


* Sebastian <sebix at sebix.at> [21/05/2015 21:37:48] wrote:
> In our paper we state that bad encryption is still better than no
> encryption (in the mail world), so TLS for incoming mails (smtpd) is not
> mandatory and the ciphers are not constrained. There are many websites
> and blogs out there which recommend the opposite, mandatory TLS for
> incoming and modifying the cipher suite. To emphasize and justify this
> recommendation as also to be able to reevaluate the standpoint I think
> we should *refer to and cite statistics and surveys of smtps and
> starttls support*.

There're none (that I'm aware of).

> What recent surveys do you know we could refer to in the document, or
> discuss it's results here. I'm quite sure there has been posted a link
> to one in the past, but after the revealing of the last year there have
> been are hopefully some changes.

I don't know of any good resource for that information. That being
said; a couple of researchers and myself have been working on
exactly that issue for a couple of months -- I can't (yet) share
details but they're coming in the next months.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150521/2ad662ce/attachment.sig>

More information about the Ach mailing list