Re: [ietf-smtp] certificate pinning

2014-06-07 03:24:17
On Fri, Jun 6, 2014 at 8:54 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

Now that more servers are offering STARTTLS, it would seem beneficial to
move forward towards certificate validation.

How do people feel about bringing the concept of certificate pinning from
HTTP ( to

I realize there's also DANE TLSA (RFC 6698), but that has a requirement on
DNSSEC that may limit its deployment for some time to come.

Translating the syntax in the HTTP draft to SMTP EHLO, I would imagine
something like (on a second EHLO after the TLS session is started):

Interesting idea.  I'd be willing to work up a draft with you.


ietf-smtp mailing list