[messaging] Facebook will now PGP encrypt notification messages if you want it to

Michael Toren mct at toren.net
Mon Jun 1 10:06:37 PDT 2015


On Mon, Jun 01, 2015 at 06:49:09PM +0200, Mike Hearn wrote:
> https://www.facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302
> 
> Very cool to see this happening. I only wish it was with something better
> than PGP! :-)

I was going to comment that it would be nice if Facebook would use TLS for
outbound mail, but looking at my Facebook folder just now to confirm, it
looks like they finally started doing so on December 12th!  I had checked a
while ago, but apparently not recently.

Interestingly, the cipher selection seems to fluctuate.

	$ grep 'with cipher' mail/facebook | sort | uniq -c | sort -nr
	   2827         (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	    221         (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	     40         (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	      7         (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	      3         (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))

There might be a correlation between the remote host and the cipher, but I
haven't examined it closely enough to say.
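
The per-host breakdown left open above can be computed from the same Received headers. This is an added example, not part of the original post: it assumes Postfix-style Received lines written by your own MTA, and the hosts, IPs and queue ids in SAMPLE are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input; every host, IP and queue id is a placeholder.
SAMPLE = """\
Received: from out-a.mail.example (out-a.mail.example [192.0.2.10])
\t(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
\tby mx.example.org (Postfix) with ESMTPS id 1A2B3C
Received: from out-a.mail.example (out-a.mail.example [192.0.2.10])
\t(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
\tby mx.example.org (Postfix) with ESMTPS id 1A2B3D
Received: from out-b.mail.example (out-b.mail.example [192.0.2.11])
\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
\tby mx.example.org (Postfix) with ESMTPS id 1A2B3E
Received: from out-c.mail.example (out-c.mail.example [192.0.2.12])
\t(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
\tby mx.example.org (Postfix) with ESMTPS id 1A2B3F
Received: from out-c.mail.example (out-c.mail.example [192.0.2.12])
\tby mx.example.org (Postfix) with ESMTP id 1A2B40
"""

# The TLS clause is optional so that plaintext deliveries are counted too.
RECEIVED = re.compile(
    r"^Received: from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[^\]]+)\]\)"
    r"(?: \(using (?P<proto>\S+) with cipher (?P<cipher>\S+) )?",
    re.M)

def tally(text):
    """Return {ip: Counter({(proto, cipher): n})}; plaintext is (None, None)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", text)  # join folded header lines
    per_host = defaultdict(Counter)
    for m in RECEIVED.finditer(unfolded):
        per_host[m["ip"]][(m["proto"], m["cipher"])] += 1
    return per_host

def is_anonymous(cipher):
    # OpenSSL's ADH-*/AECDH-* suites do key exchange without a certificate,
    # so the session is encrypted but the peer is not authenticated.
    return cipher is not None and cipher.startswith(("ADH-", "AECDH-"))

def report(text):
    rows = []
    for ip, suites in sorted(tally(text).items()):
        for (proto, cipher), n in suites.most_common():
            flag = ("plaintext" if cipher is None
                    else "anonymous" if is_anonymous(cipher) else "ok")
            rows.append((ip, proto, cipher, n, flag))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row, sep="\t")
```

On a real mailbox, feed it only the topmost Received header of each message, since hops recorded by other servers are not verifiable.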

