On 2020-08-28 17:12, Grant Taylor wrote: > On 8/28/20 1:54 PM, Poison BL. wrote: >> I'm rather late to the game with this, but at the end of the day, >> mail coming *into* a mail server isn't typically encrypted (and even >> that is only the body, the headers can still reveal a great deal, >> and are necessary for the server to work with it). > > You seem to be referring to S/MIME and / or PGP encryption. You are > correct that S/MIME and PGP don't offer protection for headers. > > However, STARTTLS provides an encrypted channel to protect all of the > SMTP traffic. Thus, even the headers of email are encrypted while in > flight between servers. > >> A packet dump at the switch will turn over every piece of mail you >> receive along the way. > > When STARTTLS is in use, the only thing that you will see is the initial > EHLO and STARTTLS commands. Everything after that will be encrypted > traffic. >
TLS only secures the channel; what comes out at the end is a plain-text message that can be read with minimal effort by the VPS provider, no skullduggery needed. (And the private key for each TLS session is generated on-the-fly by the VPS anyway, so they could snoop on the channel too if they wanted to.) Unless the sender and recipient have some pre-shared secret (like GPG assumes), you're going to fall into the same trap that DRM falls into. The technology provides a way for Alice and Bob to communicate securely in the presence of Eve, but only when Alice, Bob, and Eve are three distinct people. If the VPS is playing the part of both Bob and Eve, an off-the-shelf encryption model isn't going to work.
