On Mon, 25 Sep 2000, Peter Galbavy wrote:
> On this point, I know it has no security validity, but would it be useful to
> chnage the Received header (I checked, it looked ordinary) to say something
> like it does for AUTHed SMTP ?
The default Received: for messages received over TLS includes the
identity of the cipher used. I decided that that was sufficient, and
that you didn't need two more protocol variants (over TLS and auth over
TLS). It also means you can remove the cipher information if you want
to, by re-defining the header, and thereby remove any indication of the
use of TLS, should you want to.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
