[Top] [All Lists]

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-14 10:56:25
On 14 Sep 2013, at 16:40, keld(_at_)keldix(_dot_)com wrote:
There are not that many MTA implementations out there so if we can persuade
implementers to provide STARTTLS per default, I see this as a path
with good chances to succeed. We could even advise implementers to generate 
an auto-signed 
certificate. This guidance could be done in an RFC.

How do you propose that receivers verify self-signed certificates?

Note that many MTAs (Exchange, notably) will fail delivery if STARTTLS is 
offered, but verification does not succeed.  This is stupid because Exchange 
will happily deliver to hosts if STARTTLS is not advertised, so it's an 
inconsistent policy.  (The solution for postmasters is then to either maintain 
a table of known stupid hosts, or [as in my case] just turn off server TLS.)


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>