
Re: RFC 2487 [5]: Suggest dropping of "TLS Required"- forbid and extensions of current standards

2005-09-02 07:22:19
Harald Tveit Alvestrand wrote:


--On 21. august 2005 01:34 +0200 thomas schorpp 
<t(_dot_)schorpp(_at_)gmx(_dot_)de> wrote:

but AICPA or CICA are no "can of worms" ;)

what hassle with tls?

install postfix, etc, get certificate signed and enable - ready.


if you're a private mailserver, and know your technology by heart, easy.

i don't know those very professional and well trained
mailfarm-adminteams to capitulate before newer technologies...

If your domain is "aol.com", or anything where 1 hour of downtime
generates more than 1000 angry calls from customers?

the customer firewalls (hotlines) will handle it, just now there are a
tenth of angry calls complaining about spam and phishing.

If your mailserver is a Sendmail with a heavily customized sendmail.cf?

sendmail is a UNIX dinosaur with lots of security issues up to nowadays,
there are more economical, secure and ergonomical configurable systems
like exim and postfix, etc. and think about some configuration automation.

If your mailserver is interfaced to CC:Mail?

and? gets signed and enc too, where's the difference?

If you require your legal department to sign off on any contracts,
including the one you have to enter into with CACert?

the legal department does only check and recommend, they sign nothing,
management decides. if you like thawte's or verisign's terms more sign
these and pay off.


Don't underestimate the work required to upgrade a million mailservers.

i don't. cost-estimation functions are positive against spam/phishing
cost estimation.


(nevertheless, when I get a free 4 hours, I intend to do just what you
suggest for my own Postfix installation, and offer OPTIONAL
TLS-protected SMTP... it will be interesting to see if anyone takes
advantage of it...)


you need 15min not 4 hours. nearly every postfix and exim and many
proprietary mail-solutions calling mine uses starttls first. some qmail
and especially sendmail hosts do not.

                        Harald

y
tom



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
