Richard Welty wrote:
>
> the concern, i think, is that the naive will confuse SMTP over TLS with
> real security, which it is not. SMTP over TLS cannot be real security
You & I know that, but that's hardly an argument for saying "don't use
TLS except in very limited circumstances". I'm just not seeing the
downside of using TLS. If you're using TLS and not using end-to-end
encryption, and you think you have a secure system then, in Matthew's
words, you're a dork. But if you're using TLS, you're _at least_ as
secure as the guy using plaintext.