I am elaborating what Praveen and I discussed. Please correct me if I understood something wrong.

There are two issues here:

1. Institutes using free software in your own server so that they can have control over their email server.

2. Encryption of mails.

For point 1, we don't know if someone has actually used Tutanota's software for emails so we don't know how good that is.

The following point applies when we recommend institutes to buy Tutanota plans: Praveen points out that Tutanota's encryption scheme is new and not widely used. We don't know about any independent audits and implementations of this scheme. It maybe that it is good and better than PGP. But we cannot be sure unless some independent entity says that.

Also, Tutanota is encrypting emails from the server side. You can never be sure about the server-side encryption. The better thing to do is to encrypt mails in the client itself so that it is encrypted before it reaches the server. For example, PGP encryption can be done by Thunderbird, PEP and Autocrypt.

On the other hand, PGP encryption and IMAP is being used widely.

Therefore, in the view of these comments, we should remove Tutanota from our recommendation for emails unless we find some independent documents of their credibility.

I think we should suggest institutes to run their own mail server using Mail-in-a-Box, iRedMail, FreedomBox, as Praveen suggested. We can further recommend the participants of the email server to use PGP for encryption.

Thanks!

--

Ravi Dwivedi

My PGP key https://keys.openpgp.org/vks/v1/by-fingerprint/430F5BE41D681CD30711B9AE4D03223060B98062

_______________________________________________

fsf-discuss mailing list -- fsf-discuss@mm.gnu.org.in

To unsubscribe send an email to fsf-discuss-leave@mm.gnu.org.in