[Top] [All Lists]

Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols

2013-10-25 13:23:58
Perhaps adding information about whether DNSSEC was used, as well as the
strength of the certificate verification would be useful?  This is to help
detect conditions that make MitM harder for an adversary.  For certificate
info- whether certificate was self signed, or if the signed by CA, and
whether the chain could be verified against DANE TLSA record, or by
certificate transparency.


On Fri, Oct 25, 2013 at 6:01 AM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

Received: from (localhost [IPv6:::1]) by
 (Postfix) with ESMTPS ciphersuite SSL_RSA_WITH_RC4_128_MD5 id
 Wed, 23 Oct 2013 10:48:15 -0700 (PDT)

or something along those lines.

Having recently added TLS to my mail daemon, I've been looking at various
ESMTPS and ESMTPSA received headers.  Most of them put cipher info in
a comment.  Since we all seem to log that info anyway, it might be worth
inventing a standard syntax for it.

ietf-smtp mailing list

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>