Received a reply from Mailbox.org
Thank you very much for your message. We had already blocked the two protocols for transport encryption, but in practice we had to realize that this is unfortunately not yet practical, because we also want to accept mails for our customers. We therefore prefer to accept messages that are poorly encrypted than not encrypted because no transport encryption standard could be negotiated. Please note that in the case of mail communication, the sender and the recipient must always agree on a protocol and we always accept the highest standard in any case. When it is not possible to agree on a protocol the mail will be send in plain text.
If you really want to be sure and send the messages exclusively over encrypted channels, I recommend you to use our secure addresses here.
https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely
I don’t think the TLS 1.0/1.1 thing is important if they are already doing a server suite preference.
I sent them an email and asked about their user vault. They confirmed that it’s not really zero knowledge encryption as it is “server-side encryption”. They don’t currently have any plans to change that. It appears the LUKS system mentioned in the whitepaper was developed by an external team and they continue now to develop it in-house. I’m not too sure we can continue to recommend Start Mail alongside the other products because we did add the zero-knowledge requirement some time ago. It is worth noting we removed Disroot (although they are working on a PGP based inbox encryption like Mailbox.org have). Mailfence also isn’t listed for the same reason. I emailed them again on 9th March 2022, and they still haven’t got that ready.
As for WKD, they said their developers are enthusiastic about along with importing own keypairs and allowing adjustment of the algorithm from the 3072 DSA/ElGamal keys that are generated. Currently it is not possible to use RSA 4096bit or ed25519/cv25519 private keys with Start Mail, unless you use an email client. While that is an option, it means that Start Mail really isn’t any better than Fastmail, Migadu or other providers we don’t list.
I think for PGP providers we must:
- Make WKD a requirement, without key discovery people aren’t likely to use PGP.
- Require encryption in the client, we really don’t want to be encouraging Hushmail-like encryption.
This would also allow us to address StartMail: Add a warning explaining drawbacks of the User Vault · Issue #1433 · privacyguides/privacyguides.org · GitHub which a user in our community has already picked up.