Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols

2013-10-25 14:18:49
One other thought to the point about standardizing this: that flexibility
to extend the disclosure mechanism would be good, since it seems that the
details to account for in TLS are expanding over time.


On Fri, Oct 25, 2013 at 11:23 AM, Wei Chuang <weihaw(_at_)google(_dot_)com> wrote: 

Perhaps adding information about whether DNSSEC was used, as well as the
strength of the certificate verification, would be useful?  This is to help
detect conditions that make MitM harder for an adversary.  For certificate
info: whether the certificate was self-signed or signed by a CA, and
whether the chain could be verified against a DANE TLSA record, or by
certificate transparency.


On Fri, Oct 25, 2013 at 6:01 AM, John Levine <johnl(_at_)taugh(_dot_)com> wrote: 

Received: from (localhost [IPv6:::1]) by
 (Postfix) with ESMTPS ciphersuite SSL_RSA_WITH_RC4_128_MD5 id
 Wed, 23 Oct 2013 10:48:15 -0700 (PDT)

or something along those lines.

Having recently added TLS to my mail daemon, I've been looking at various
ESMTPS and ESMTPSA received headers.  Most of them put cipher info in
a comment.  Since we all seem to log that info anyway, it might be worth
inventing a standard syntax for it.
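As an added illustration of why a standard syntax would help (this is example code, not part of the thread or any of the authors' daemons): a small Python checker that unfolds a Received: header, pulls the transport (ESMTP vs. ESMTPS/ESMTPSA), the cipher suite whether it sits in a comment or in a "ciphersuite" clause, and flags suites built on RC4, MD5, DES or anonymous/export key exchange. The headers, host names and queue ids are constructed for the example.

```python
import re

# Constructed sample headers (not taken from the thread): cipher info in a
# comment (the common case today), in the "with ESMTPS ciphersuite ..." form
# sketched above, and one hop that used no TLS at all.
SAMPLE_HEADERS = [
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\t(using TLSv1 with cipher RC4-MD5 (128/128 bits))\n"
    "\tby mx.example.org (Postfix) with ESMTPS id 4B2C1F0;\n"
    "\tWed, 23 Oct 2013 10:48:15 -0700 (PDT)",
    "Received: from relay.example.com (relay.example.com [198.51.100.7])\n"
    "\tby mx.example.org (Postfix) with ESMTPS ciphersuite"
    " TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 id 9D4E2A1;\n"
    "\tWed, 23 Oct 2013 11:02:03 -0700 (PDT)",
    "Received: from old.example.com (old.example.com [203.0.113.5])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 1A2B3C;\n"
    "\tWed, 23 Oct 2013 11:10:00 -0700 (PDT)",
]

# Name tokens that mark a suite as weak (RC4, MD5, NULL/anonymous/export
# suites, single and triple DES). Names are split on '-' and '_' so both the
# OpenSSL spelling (RC4-MD5) and the IANA one (TLS_RSA_WITH_RC4_128_MD5) work.
WEAK_TOKENS = {"RC4", "MD5", "NULL", "EXPORT", "EXP", "DES", "3DES",
               "ADH", "AECDH", "ANON"}

TRANSPORT_RE = re.compile(r"\bwith\s+(ESMTPSA|ESMTPS|ESMTP|SMTP)\b")
CIPHER_RE = re.compile(r"(?:\bciphersuite|\bwith\s+cipher)\s+([A-Za-z0-9_-]+)")
VERSION_RE = re.compile(r"\b(TLSv1(?:\.\d)?|SSLv[23])\b")


def weak_tokens(cipher):
    """Return the WEAK_TOKENS that appear in a cipher suite name."""
    return set(re.split(r"[-_]", cipher.upper())) & WEAK_TOKENS


def assess_received(header):
    """Unfold one Received: header and report what it says about the TLS hop."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    transport = (TRANSPORT_RE.search(unfolded) or [None, None])[1]
    cipher = (CIPHER_RE.search(unfolded) or [None, None])[1]
    version = (VERSION_RE.search(unfolded) or [None, None])[1]
    if transport not in ("ESMTPS", "ESMTPSA"):
        verdict = "cleartext"      # no TLS on this hop
    elif cipher is None:
        verdict = "unknown"        # TLS used, but the cipher was not disclosed
    elif weak_tokens(cipher):
        verdict = "weak"
    else:
        verdict = "acceptable"
    return {"transport": transport, "version": version, "cipher": cipher,
            "weak": sorted(weak_tokens(cipher or "")), "verdict": verdict}


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(assess_received(h))
```

Because the cipher has to be fished out of free-form comment text, the regexes only cover the two layouts shown; a standard syntax would remove that guesswork.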

