On Mon, 27 Oct 2008, Carl S. Gutekunst wrote:
> FWIW, I've actually measured that. Each of Postini's outbound SMTP
> relays connects to roughly 30,000 domains per day that claim TLS
> support. Of those, about 50% use self-signed certs. (Certain "demo"
> certs come up over and over.) Another 35% are CA signed, but contain
> errors, like incomplete chains or expired certs. Of the 15% where the
> certificate chain is valid, half don't match the MX name. So -- only 7%
> to 8% of all MX domains that implement TLS do so correctly. Note that
> Postini's outbound service is heavily biased towards B-to-B.

A useful survey, thanks. Did you check certificates against both the
hostname and the mail domain?
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
FITZROY: NORTH OR NORTHWEST 5 TO 7, PERHAPS GALE 8 LATER. ROUGH OR VERY ROUGH.
RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD.
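
Added example, not part of the original message or of the measurement it quotes: a sketch of checking a certificate's names against the two reference identities the thread mentions, the MX hostname and the mail domain. The function names and sample data are constructed, and it assumes the certificate's subjectAltName dNSName entries have already been extracted.

```python
# Added example: helper names and sample data are constructed for illustration.

def dns_match(pattern: str, name: str) -> bool:
    """RFC 6125-style DNS name match: case-insensitive, with '*' allowed
    only as the entire left-most label and covering exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n) or "" in n:
        return False
    if p[0] == "*":
        # Refuse wildcards such as "*.com" that would cover a whole TLD.
        return len(p) >= 3 and p[1:] == n[1:]
    return p == n


def classify(san_dns_names, mx_host, mail_domain):
    """Report which reference identity, if any, the certificate covers."""
    host_ok = any(dns_match(s, mx_host) for s in san_dns_names)
    domain_ok = any(dns_match(s, mail_domain) for s in san_dns_names)
    if host_ok and domain_ok:
        return "both"
    if host_ok:
        return "mx-hostname-only"
    if domain_ok:
        return "mail-domain-only"
    return "mismatch"


# Constructed samples: (SAN dNSName list, MX hostname, mail domain).
SAMPLES = [
    (["mx1.example.net"], "mx1.example.net", "example.com"),
    (["example.com", "www.example.com"], "mail.example.com", "example.com"),
    (["*.example.org", "example.org"], "mx.example.org", "example.org"),
    (["demo.invalid"], "mx.example.edu", "example.edu"),
    (["*.example.com"], "a.b.example.com", "example.com"),
]


def tally(samples):
    """Count how many sampled certificates fall into each category."""
    counts = {}
    for sans, mx_host, mail_domain in samples:
        key = classify(sans, mx_host, mail_domain)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for sans, mx_host, mail_domain in SAMPLES:
        print(mx_host, mail_domain, "->", classify(sans, mx_host, mail_domain))
    print(tally(SAMPLES))
```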