Re: [ietf-smtp] certificate pinning

2014-06-15 06:45:12
Brandon Long wrote on 14-6-2014 1:15:

I don't want to prevent self-signed certificates.  Presumably, at the
least, they would still work without pinning, they would just be open to
MITM (ie, no better than now).

Thanks. I agree that self-signed certificates are a risk, although
better than no encryption at all -- waiting for DANE ;-)  Maybe we
should recommend DANE / DNSSEC based certs in the RFC as the way forward
in the future? And also recommend best practices to prevent mail being
dropped? (Jim Fenton, "delivery over security")

I've no experience writing RFCs and have less expertise than many others
on this list, but if I can help / proofread, let me know.
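An added illustration of the DANE approach raised in this reply (not code from the thread or from any project named in it): a TLSA record pins the SMTP server's certificate or SubjectPublicKeyInfo, and the sender's outcome (opportunistic TLS, deliver, or defer) depends on whether usable records exist and match. The certificate bytes, SPKI bytes and record values are constructed placeholders.

```python
# Added example, not code from the thread: how a DANE TLSA record for an SMTP
# server (RFC 6698 / RFC 7672 semantics) pins the server's certificate, and what
# a sending MTA does when records exist but none match. The certificate and
# SubjectPublicKeyInfo byte strings are constructed placeholders, not real DER.
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class TLSA:
    usage: int     # 3 = DANE-EE: the end-entity cert itself is the trust anchor
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo only
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation format, e.g. '3 1 1 8c7e...' found at _25._tcp.<mx>."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex(hexdata.replace(" ", "")))

def is_usable(rec: TLSA) -> bool:
    # This example handles DANE-EE only; usages 0-2 need PKIX chain building.
    return rec.usage == 3 and rec.selector in (0, 1) and rec.mtype in (0, 1, 2)

def association_data(cert_der: bytes, spki_der: bytes, rec: TLSA) -> bytes:
    selected = cert_der if rec.selector == 0 else spki_der
    if rec.mtype == 0:
        return selected
    return (hashlib.sha256 if rec.mtype == 1 else hashlib.sha512)(selected).digest()

def dane_ee_matches(cert_der: bytes, spki_der: bytes, records: list) -> bool:
    """True if any usable record matches the certificate the server presented."""
    return any(hmac.compare_digest(association_data(cert_der, spki_der, r), r.data)
               for r in records if is_usable(r))

def smtp_tls_policy(records: list, cert_der: bytes, spki_der: bytes) -> str:
    """Sender outcome: with no usable TLSA records fall back to opportunistic TLS
    (a self-signed cert is accepted, so MITM remains possible); with usable
    records the cert must match, otherwise delivery is deferred, not sent."""
    if not any(is_usable(r) for r in records):
        return "opportunistic"
    return "deliver" if dane_ee_matches(cert_der, spki_der, records) else "defer"

# Constructed sample bytes standing in for DER; a real check uses the leaf cert
# from the TLS handshake and its SPKI, after a DNSSEC-validated TLSA lookup.
SAMPLE_CERT = b"\x30\x82\x01\x00constructed-cert-placeholder"
SAMPLE_SPKI = b"\x30\x59constructed-spki-placeholder"
PINNED = parse_tlsa("3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest())
ROTATED = parse_tlsa("3 1 1 " + "ab" * 32)  # record for a key the server no longer has
```

The "defer" outcome is the point behind the "delivery over security" concern: once a domain publishes TLSA records, a stale record blocks its own mail, so key rotation has to publish the new record before the certificate changes.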


