Harald Tveit Alvestrand wrote:
--On 21. august 2005 01:34 +0200 thomas schorpp
but AICPA or CICA are no "can of worms" ;)
what hassle with tls?
install postfix, etc, get certificate signed and enable - ready.
if you're a private mailserver, and know your technology by heart, easy.
i dont know those very professionell and well trained
mailfarm-adminteams to capitulate before newer technologies...
If your domain is "aol.com", or anything where 1 hour of downtime
generates more than 1000 angry calls from customers?
the customer firewalls (hotlines) will handle it, just now therere a
tenth of angry calls complaining about spam and phishing.
If your mailserver is a Sendmail with a heavily customized sendmail.cf?
sendmail is a UNIX dinosaur with lots of security issues up to nowadays,
therere more economical, secure and ergonomical configurable systems
like exim and postfix, etc. and think about some configuration autmation.
If your mailserver is interfaced to CC:Mail?
and? gets signed and enc too, wheres the difference?
If you require your legal department to sign off on any contracts,
including the one you have to enter into with CACert?
the legal department does only check and recommend, they sign nothing,
management decides. if you like thawtes or verisigns terms more sign
these and pay off.
Don't underestimate the work required to upgrade a million mailservers.
i dont. cost-estimation functions are positive against spam/sphishing
(nevertheless, when I get a free 4 hours, I intend to do just what you
suggest for my own Postfix installation, and offer OPTIONAL
TLS-protected SMTP... it will be interesting to see if anyone takes
advantage of it...)
you need 15min not 4 hours. nearly every postfix and exim and many
proprietary mail-solutions calling mine uses starttls first. some qmail
and escpecially sendmail hosts do not.
Ietf mailing list