From 2940f4eeecde3c3d7d4f2adde989ecc5bd25e059 Mon Sep 17 00:00:00 2001 From: M66B Date: Mon, 5 Nov 2018 07:30:29 +0000 Subject: [PATCH] Updated FAQ --- FAQ.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/FAQ.md b/FAQ.md index b961c5cc51..de1e5fd712 100644 --- a/FAQ.md +++ b/FAQ.md @@ -68,9 +68,20 @@ Operations are processed only when there is a connection to the email server or See also [this FAQ](#user-content-FAQ16). -**(4) What is a valid security certificate?** +**(4) How can I use an invalid security certificate / IMAP STARTTLS / an empty password?** -Valid security certificates are officially signed (not self signed) and have matching a host name. +Invalid security certificate: you should try to fix this by contacting your provider or by getting a valid security certificate +because invalid security certificates are insecure and allow [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). +If money is an obstacle, you can get free security certificates from [Let’s Encrypt](https://letsencrypt.org). + +IMAP STARTTLS: the EFF [writes](https://www.eff.org/nl/deeplinks/2018/06/announcing-starttls-everywhere-securing-hop-hop-email-delivery): +"*Additionally, even if you configure STARTTLS perfectly and use a valid certificate, there’s still no guarantee your communication will be encrypted.*" + +Empty password: your username is likely easily guessed, so this is very insecure. + +If you still want to use an invalid security certificate, IMAP STARTTLS or an empty password, +you'll need to enable insecure connections in the advanced settings and also in the account and/or identity settings. +Additionally, IMAP STARTTLS needs to be enabled in the account settings too. ~~**(5) What does 'no IDLE support' mean?**~~ @@ -137,6 +148,8 @@ So, unless your provider can enable this extension, you cannot use FairEmail for First of all you need to install and configure [OpenKeychain](https://f-droid.org/en/packages/org.sufficientlysecure.keychain/). To encrypt a message before sending, just select the menu *Encrypt*. Similarly, to decrypt a received message, just select the menu *Decrypt*. +Encryption is [Autocrypt](https://autocrypt.org/) compatible. For security reasons received messages are not decrypted automatically. +Encryption/decryption is a pro feature. **(13) How does search on server work?**