On 10/07/14 02:51, Viktor Dukhovni wrote:
MUAs are the
most robust use-case for PKIX, because they are statically configured
to use a single MSA.
Even that is a PITA though. If I setup a domain with mail then
I think in most cases I pretty much have to deal with the MUA
getting a certificate warning of some sort when connecting to
the MS and where that cert warning is essentially meaningless.
In other words, I agree with Viktor that we're talking about >1
radically different scenario (in terms of TLS or the UTA wg.).
S.