Comment by hedora
Comment by hedora 2 days ago
That adds a lot of attack surface vs. issuing a self-signed cert and confirming it was securely verified by your imap client.
Not only could let’s encrypt issue a mitm cert for your imap connections, so could other CAs, and any cloud providers / dns providers you use.
Pretty sure most people's threat model doesn't really care about the scenarios you mention. And for most people, that's fine.