On Sat, Dec 29, 2001, Matthew Byng-Maddick wrote: > On Fri, Dec 28, 2001 at 09:43:18AM -0800, Claus Assmann wrote: > > Example: two boxes controlled by two persons (they are the only
> > ones who have root on their machines). The MTA checks the certs
> > and the mail goes only encrypted (and authenticated) over the wire. > You'll notice the words "check the certs" in that paragraph, which implies
> some sort of agreement between the admins of the relevant MTAs. Now are
> you getting my point?
Depends on what's your point is...
If you talk about achievable security: sure, STARTTLS doesn't add
anything significant unless you can authenticate the other side
(i.e., you "trust" the presented cert). This doesn't really require
"some sort of agreement between the admins of the relevant MTAs"
because X.509 establishes a hierachical (tree-structured) trust
model (in contrast to PGP which uses "free-form" relations).
However, initially you were talking that a client shouldn't use
STARTTLS even if it is offered. I disagree with that. But we
established already that we disagree... Hence I'm off the
discussion now.
