Re: [Exim] TLS Problem

Author: Łukasz Grochal
Date:
To: exim-users
Subject: Re: [Exim] TLS Problem
Matthew Byng-Maddick <exim@???> writes:

> On Mon, Dec 24, 2001 at 02:45:16AM +0100, Lukasz Grochal wrote:
> [both to me, and to the list, as I explicitly asked him not to]


Listen, my (presumably) young and hasty friend. Listen carefully
and try to understand: I DID NOT. Now go and try to check what
I actually did (hint: a mistake in this case - go, read the
Received headers, you know where to look for them).

>> Great, OK. That means the host in question MUST NOT be a public MX for
>> the domain. I hope that's clear and I won't elaborate on that issue.


> Your *wrong* opinion. This is discriminatory to people who only have one
> IP address.


Now again, my friend. Go and read RFC2822. It clearly says, an MX MUST
accept mail for postmaster@<domain>. Now as you've learned that we can
go on.

> I've given you a good example where it does hurt, you chose to say that
> I was wrong, but your own cluelessness shows through.


And this is because I've told you that a public MX set up so that it
refuses mail sent without encryption is simply useless and such an
MX refusing unencrypted mail to postmaster is simply illegal? Good.

> You're talking crap! I've given you a particularly good example of where
> it doesn't work.


And demand me to say that because of that (surely weird and requiring
special router setup anyways) particular example I should admit, that
misconfigured hosts I've initially described don't actually exist? Good.

> What you missed, is that you can't communicate that a client certificate
> is required, in band with the STARTTLS command. By not being able to do
> this, then trying to do encryption just because a host advertises STARTTLS
> is obviously wrong, because you don't know what the policies required of
> you are.


That's your point of view. And I won't comment on that, just read on.

> Well, IKE is not exactly a simple protocol to understand.


You clearly don't understand what I'm talking about. Both when I'm talking
about SMTP and MX-es and when I talk about encryption. Please, go read
<http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/config.html>,
the part on opportunistic encryption, and perhaps
<http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/politics.html>.
Then come back and we'll discuss the issue again if you wish.

Now, to conclude: I usually don't answer people that ex cathedra produce
ad personam arguments. I usually let them go back to the sandboxes they
came from and mature. But I've found something interesting - in your whole
article, neither this nor your previous one, you _never_ raised any
practical issues regarding implementing the functionality I requested. Neither
did you prove that it would break Exim in any way. The only thing you did was
to say that both me and the idea are stupid.

Regards and have a nice life,

--
(-) Łukasz Grochal                                  lukie@???
                                                  (for PGP key visit:)
_____________________________________________ http://www.rotfl.eu.org/ __
... all in all it's just another rule in the firewall.       /Ping Flood/