Tony Finch wrote:
Hector Santos <hsantos(_at_)isdg(_dot_)net> wrote:
I guess, if anything else, there are two client suggestions to highlight:
- Automated MTA (router)
- Interactive MUA smtp client
The draft is for inter-domain SMTP so message submission is out of scope.
I don't think I can make this clearer.
Oh, so that is what you meant by "inter-domain." I am not use to
using that term within the confines of mail systems but it fits.
Other terms are "routers," "relays," etc or just MTA. I prefer router.
Inter-domain SMTP: SMTP between different ADMDs across the public
Internet, where a client sends mail to a publicly-referenced SMTP
I suggest to add an i.e.
i.e. a router, relaying MTA, not an MUA with a possible interactive
CN vs Host domain checking method where the HUMAN is involved.
Anyway, ironically, we are having a related thread now in our support
forum regarding a sysop asking about self-signed vs CA signed certs.
My question is:
If the client has to be modified to do this extra TLSA check, then why
not just add login to do a CA 3rd party repository? Or support OCSP
(Online Certificate Status Protocol) RFC2560?
When change is proposed, then it has to have a payoff. A client
trusting a self-signed signature is going to be pre-defined or
pre-arranged or known upfront.