On Wed, Jul 09, 2014 at 09:45:45PM -0400, Phillip Hallam-Baker wrote:
> Umm every major email client already has STARTTLS using PKIX Authentication
> using the WebPKI roots. Go take a look at them.

The MUA-to-MTA use-case is completely different. I am not talking
about the MUA-to-MTA use-case.

> So how can it be impractical to do something that has already been routine
> for over a decade?

Easy, we're talking about completely different things. MUAs are the
most robust use-case for PKIX, because they are statically configured
to use a single MSA. MTAs are the least compatible with PKIX, because
of MX indirection, lack of user-clicks-OK fallback and need to send
email to every dark corner of the internet.

--
Viktor.