Re: RFC 3207 STARTTLS


John C Klensin wrote:

--On Friday, 24 October, 2008 17:22 +0100 Tony Finch wrote:

However I don't know how to address its weaknesses for
inter-domain relaying via MX records.


Of course, this is another area in which a functional DNSSEC,
with signature verification by the SMTP clients, would make some
of us sleep a lot more soundly.  But that is not specifically a
TLS problem.

Perhaps some black magic stems from associating certificate validationwith authority acceptance. It is also a non-TLS specific problem, butit may be helpful to clarify the relationship between DNS hierarchicaldelegations and CA chains. To wit, if a CA certificate were assignedalong with each domain delegation then we would need no black magic.


BTW, why don't we write the IP number on our server certificates?

<Prev in Thread]	Current Thread	[Next in Thread>
Re: RFC 3207 STARTTLS, (continued) Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Chris Newman Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Tony Finch Message not available Re: RFC 3207 STARTTLS, SM Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Alessandro Vesely <= Re: RFC 3207 STARTTLS, Willie Gillespie Re: RFC 3207 STARTTLS, Alessandro Vesely Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, Alessandro Vesely Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Carl S. Gutekunst Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, Carl S. Gutekunst Re: RFC 3207 STARTTLS, Ivar Lumi Re: RFC 3207 STARTTLS, Nate Leon

Previous by Date:	Re: RFC 3207 STARTTLS, John C Klensin
Next by Date:	Re: RFC 3207 STARTTLS, Willie Gillespie
Previous by Thread:	Re: RFC 3207 STARTTLS, John C Klensin
Next by Thread:	Re: RFC 3207 STARTTLS, Willie Gillespie
Indexes:	[Date] [Thread] [Top] [All Lists]