ietf-mxcomp

Re: CSV and STARTTLS

2004-07-02 03:40:41


On Jul 1, 2004, at 10:35 PM, John Leslie wrote:
   This intends to say that, in order to allow communication between
MTAs lacking any prior relationship, StartTLS is implemented with a
critical piece of that baggage removed. It goes on to warn that, with
this critical piece of baggage removed, StartTLS is no longer able to
authenticate the relationship claimed to the EHLO name.

Does this imply that the strong authentication provided by certificate
validation of TLS is to be subjugated by CSV, which is most likely to
be weaker authentication?

   That certainly was not intended. StartTLS, even in its weakened form,
is still useful for its intended purpose: it's just not useful as a
means of authenticating the EHLO name.

Ah.  This makes sense to me now.  Thanks.

-andy

