Re: [ietf-smtp] certificate pinning

2014-06-08 07:24:01
On Sun, Jun 08, 2014 at 01:09:53PM +0100, Alexey Melnikov wrote:

On 7 Jun 2014, at 09:24, "Murray S. Kucherawy" <superuser(_at_)gmail(_dot_)com> wrote:

On Fri, Jun 6, 2014 at 8:54 PM, John Levine <johnl(_at_)taugh(_dot_)com> 
Now that more servers are offering STARTTLS, it would seem beneficial to
move forward towards certificate validation.

How do people feel about bringing the concept of certificate pinning from
HTTP ( to 

I realize there's also DANE TLSA (RFC 6698), but that has a requirement on
DNSSEC that may limit its deployment for some time to come.

Translating the syntax in the HTTP draft to SMTP EHLO, I would imagine
something like (on a second EHLO after the TLS session is started):

Interesting idea.  I'd be willing to work up a draft with you.




Gilles Chehade                                          @poolpOrg

