[Top] [All Lists]

Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols

2013-10-26 06:00:24
On 25/10/2013 19:30, Brandon Long wrote:
Given that you can only trust the last Received header, I'm not clear what is accomplished.

Maybe not much, but this is a similar issue to the one a 'mandatory TLS' spec has - if you don't trust an MTA, you just don't trust it, period.

If A sends a message to B, if you know it only goes through trusted MTAs, then a header saying 'this message was sent over TLS' can be trusted

If you don't know if it only goes through trusted MTAs, then it doesn't matter whether it was sent over TLS or not, the message has potentially been compromised (unless it has end-to-end encryption).


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>