On 10/15/2019 9:56 PM, Keith Moore wrote:
On 10/15/19 9:36 PM, Hector Santos wrote:
The technical security aspect of encryption is no longer good enough
-- certs now have to be CA-signed now.
Certs that weren't signed by a trusted party were never worth anything
anyway, unless maybe you manually pinned them.
Yes, 100% +1 but traditionally, it is a known target, i.e. well known
users using a well-known trusted site. As long as the common name
matches, it is secured. No?
What I am seeing for the first time ever in HTTP history, HTTP comm
I/O is ok, HTTPS is degraded by the ISP if self-signed. Explain that.
They can't. Too classified. :-(
ietf-smtp mailing list