On 7 Jun 2014, at 09:24, "Murray S. Kucherawy" wrote:
On Fri, Jun 6, 2014 at 8:54 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
Now that more servers are offering STARTTLS, it would seem beneficial to
move forward towards certificate validation.
How do people feel about bringing the concept of certificate pinning from
HTTP (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-13) to SMTP?
I realize there's also DANE TLSA (RFC 6698), but that has a requirement on
DNSSEC that may limit its deployment for some time to come.
Translating the syntax in the HTTP draft to SMTP EHLO, I would imagine
something like (on a second EHLO after the TLS session is started):
Interesting idea. I'd be willing to work up a draft with you.
ietf-smtp mailing list