ietf-mxcomp

Re: CSV and STARTTLS

2004-06-30 19:03:54

   Andrew> Opportunistic encryption with peer authentication using
   Andrew> TLS happens every day on the Internet.

I question that peer authentication is commonplace (although I don't
doubt that it happens every day).  I get the impression most people
use self-signed certs with STARTTLS.

I looked at a bunch of the certs that my MTA met while sending mail
today.  I'd estimate that about half of them were signed by one of the
commercial signers familiar from web SSL certs, and the other half
were self-signed.

It seems unlikely to me that there's any widescale authentication
going on, since the unsigned half would all fail, and I can report
that I don't think I've ever seen a remote MTA reject my certs which
are only signed by my own local CA whose cert is only known to
machines on my network.

Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com


