On Tue, 16 Oct 2001, Matthew Byng-Maddick wrote:
> On Tue, Oct 16, 2001 at 12:37:51AM -0600, Donald Thompson wrote:
> > Most remote servers should be more concerned with creating an encrypted
> > transfer rather than verifying host and certificate authenticity. Not to
> > say that there aren't a few out there who are foolish enough to attempt to do
> > so.
>
> Ummmm!
>
> I think that relying on the fact that you have established an encrypted
> connection with someone (though that may not be the right person) seems
> absolutely pointless to me. Personally I use TLS for verifying relaying
> which means that I must check the client certificate, because otherwise

I was referring to server to server connections, which normally
would not involve relaying. Verifying certificates from other servers that
you have no control over means you (or they in this case) have to go
through a professional Certificate Authority in order to properly verify
the certificate. That costs a lot of money.

> I can't actually tell if the other endpoint is authorised to relay. The
> same thing applies above. It seems to me that there can be no point in
> establishing an encrypted connection if you are not going to verify the
> other endpoint. It adds overhead and gains you *nothing*.

If it's client relaying you're concerned with, it can be done with a whole
host of options like host IP checks, and SMTP authentication with
passwords. Some people want encryption so that unfriendly users or routers
can't sniff the traffic between client and the server, but they could
care less about verifying the client is who they say they are, especially
if it's done through other means. It's hard to expect a University with
over 10,000 users to issue every one of them certificates in order to
relay through their mail server. But it's not a big challenge for them to
get client to server connections encrypted so that every wannabe hacker
on campus can't snoop their professor's email as it travels across the
LAN.

Encryption gains you a lot if it keeps people from gaining information
they shouldn't have access to. Why not encrypt the transfer if
it's simple to do so? Verifying identity and encrypting data are two
separate matters in this case.

-Don

>
> MBM
>
> --
> Matthew Byng-Maddick <mbm@???> http://colondot.net/