Re: [Exim] TLS Problem

Top Page
Delete this message
Reply to this message
Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] TLS Problem
On Fri, Dec 28, 2001 at 09:43:18AM -0800, Claus Assmann wrote:
> On Fri, Dec 28, 2001, Richard Welty wrote:
> I can easily achieve "real security" by just using STARTTLS.


Yes.

> Example: two boxes controlled by two persons (they are the only
> ones who have root on their machines). The MTA checks the certs
> and the mail goes only encrypted (and authenticated) over the wire.


You'll notice the words "check the certs" in that paragraph, which implies
some sort of agreement between the admins of the relevant MTAs. Now are
you getting my point?

> That's "enough" security (there is no "real security").


One Time Pad, actually. But then you have an out-of-band threat model.

> It's just a question of your threat model.


Indeed.

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/