|
mail from our server is sent encrypted as much a possible, but Yahoo's new encryption
code fails to connect to ours causing email delays to yahoo and other sites hoisted by
yahoo (sbcglobal.net) for now I have turned off encrypted mail until yahoo fully
implements PFS.
--Yahoo! Mail Now Encrypted by Default
(January 9, 2014)
While Yahoo! has at last adopted default HTTPS encryption for Yahoo!
Mail, the company is facing criticism over its "failure to follow
industry best practices in rolling out" the encryption. Yahoo! has
supported full-session HTTPS since 2012, but until now, it has been an
opt-in feature. Yahoo!'s implementation of HTTPS encryption is not
consistent across servers and includes flaws that leave it vulnerable
to snooping. Yahoo!'s implementation of the encryption is missing what
is known as Perfect Forward Secrecy, which is used by Google, Microsoft,
and Twitter.
http://www.computerworld.com/s/article/9245258/Yahoo_email_encryption_standard_needs_work
http://www.theregister.co.uk/2014/01/09/yahoo_always_on_crypto_unstrong/
Rob
|
|