ietf-smtp

Re: [ietf-smtp] certificate pinning

2014-06-08 07:24:01
On Sun, Jun 08, 2014 at 01:09:53PM +0100, Alexey Melnikov wrote:

On 7 Jun 2014, at 09:24, "Murray S. Kucherawy" <superuser(_at_)gmail(_dot_)com> wrote:

On Fri, Jun 6, 2014 at 8:54 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
Now that more servers are offering STARTTLS, it would seem beneficial to
move forward towards certificate validation.

How do people feel about bringing the concept of certificate pinning from
HTTP (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-13) to SMTP?

I realize there's also DANE TLSA (RFC 6698), but that has a requirement on
DNSSEC that may limit its deployment for some time to come.

Translating the syntax in the HTTP draft to SMTP EHLO, I would imagine
something like (on a second EHLO after the TLS session is started):

Interesting idea.  I'd be willing to work up a draft with you.

Ditto.

+1


+1


-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
