On Sep 24, 2016, at 9:43 AM, Jeffrey Honig <jch(_at_)honig(_dot_)net> wrote:
> Any system that does not maintain up-to-date certificates is just broken; an
> invitation for security vulnerabilities to be exploited in situations where
> expired or revoked certificates can be exploited. Validating the certificate
> chain should be the default and any other option available should come with
> language that strongly discourages its use. Doing anything else would be
> giving people a false sense of security.

The tricky part of this is writing the fall-back code in the client. And
especially for nmh, where 24x7 always-connected-via-ethernet-to-the-internet is
not a given.

There are a lot of fallback scenarios that have to be dealt with if we are to
preserve the security (and therefore trust) model implied by TLS.

It's enlightening to read the HIPAA security requirements for email. That's
the security regime I work in, and it *really* makes you pay attention to what
*all* the components of your systems are doing.

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers