
Re: CSV and STARTTLS

2004-06-30 15:26:39

B.4.1  StartTLS ...

Does this imply that the strong authentication provided by certificate 
validation of TLS is to be subjugated by CSV, which is most likely to 
be weaker authentication?

I think you're misreading it.  They're saying that in practice people
don't use signed SSL certs to validate the other end of an SMTP
connection.  Looking at the logs of my mail servers, I see plenty of
TLS connections, but more often than not the certs are self-signed,
and in a lot of cases they just use a default cert shipped with the
MTA.  If people were going to use TLS certs to authenticate their
mail channels, they'd be doing so already, but they're not.

Opportunistic encryption is fine, but I don't see that as relating
to CSV one way or the other.  If you want to do CSV checks and then
STARTTLS, you can easily do so.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.
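The observation above ("plenty of TLS connections, but more often than not the certs are self-signed") is something you can measure on your own MTA rather than eyeball. The script below is an added example, not part of the original post or of any CSV implementation: it scans Postfix-style smtp client log lines (the constructed sample lines and the hostnames in them are made up for this example; the regex assumes Postfix's "Anonymous/Untrusted/Trusted/Verified TLS connection established" wording and would need adjusting for another MTA) and reports what share of your outbound TLS sessions were actually authenticated by certificate validation versus merely encrypted.

```python
import re
from collections import Counter

# Constructed sample log lines (not real traffic), in the style Postfix's
# smtp client logs TLS sessions.  Assumption: your MTA uses these prefixes;
# "Anonymous" = no cert checked, "Untrusted" = cert present but chain did not
# validate (typically self-signed), "Trusted"/"Verified" = chain validated.
SAMPLE_LOG = """\
Jun 30 15:20:01 mx1 postfix/smtp[4711]: Anonymous TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1.2 with cipher X
Jun 30 15:20:05 mx1 postfix/smtp[4712]: Untrusted TLS connection established to smtp.example.org[198.51.100.7]:25: TLSv1.2 with cipher X
Jun 30 15:20:09 mx1 postfix/smtp[4713]: Trusted TLS connection established to relay.example.com[203.0.113.5]:25: TLSv1.2 with cipher X
Jun 30 15:20:11 mx1 postfix/smtp[4714]: Untrusted TLS connection established to mx.example.edu[192.0.2.44]:25: TLSv1.2 with cipher X
Jun 30 15:20:15 mx1 postfix/smtp[4715]: Verified TLS connection established to secure.example.net[198.51.100.9]:25: TLSv1.2 with cipher X
Jun 30 15:20:20 mx1 postfix/smtp[4716]: 1A2B3C4D5E: to=<user@example.com>, relay=relay.example.com[203.0.113.5]:25, status=sent
"""

# Capture the trust level and the peer hostname (text before the "[addr]").
TLS_RE = re.compile(
    r"\b(Anonymous|Untrusted|Trusted|Verified) TLS connection established to (\S+?)\["
)

AUTHENTICATED = {"Trusted", "Verified"}


def classify_tls_connections(log_text):
    """Count TLS sessions by trust level; non-TLS lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        match = TLS_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def authenticated_fraction(counts):
    """Share of TLS sessions whose peer certificate chain validated."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(counts[level] for level in AUTHENTICATED) / total


def unauthenticated_peers(log_text):
    """Sorted list of peers we only ever reached with unvalidated TLS."""
    peers = set()
    for line in log_text.splitlines():
        match = TLS_RE.search(line)
        if match and match.group(1) not in AUTHENTICATED:
            peers.add(match.group(2))
    return sorted(peers)


if __name__ == "__main__":
    counts = classify_tls_connections(SAMPLE_LOG)
    for level, n in sorted(counts.items()):
        print(f"{level:10s} {n}")
    print(f"authenticated: {authenticated_fraction(counts):.0%} of TLS sessions")
    print("unauthenticated peers:", ", ".join(unauthenticated_peers(SAMPLE_LOG)))
```

On the sample data only 2 of 5 TLS sessions were certificate-authenticated, which is the situation the post describes: opportunistic STARTTLS gives you encryption on the wire, but unless your MTA is configured to require a validated chain, it is not the strong authentication that a CSV check would be "subjugating".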