Re: [Exim] TLS and Intermediate (root) certificates

Author: Sheldon Hearn
Date:  
To: ph10
CC: exim-users
Subject: Re: [Exim] TLS and Intermediate (root) certificates

On Mon, 14 Jan 2002 23:34:49 +0200, Sheldon Hearn wrote:

> I now have MS Outlook sending and receiving mail securely and without
> silly warnings to and from Ian Freislich's BSD-licensed popd and Exim
> respectively.


I'd like to suggest the following change to the text of this section of the
specification:

| 38.4 Certificates and all that


Immediately following the following paragraph:

| A self-signed certificate made in this way is sufficient for testing,
| and may be adequate for all your requirements if you are mainly
| interested in encrypting transfers, and not in secure identification.


I'd suggest that the following text be added:

| However, many clients require that the certificate presented by Exim be
| a user (also called "leaf" or "site") certificate, and not a self-signed
| certificate. In this case, the self-signed certificate described above
| must be installed on the client host as a trusted root certification
| authority and the certificate used by Exim must be a user certificate
| signed with that self-signed certificate.
|
| For information on creating self-signed CA certificates and using them
| to sign user certificates, see the "General implementation overview"
| chapter of the Open-source PKI Book, available online at:
|
|     http://ospibook.sourcefourge.net/


Ciao,
Sheldon.
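
The arrangement proposed in the message above, sketched with the openssl command-line tool as an added example (not part of the original post or the Exim specification): a self-signed root that clients trust, and a leaf certificate signed by it for Exim to present. The host name, subject names, file names and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: private root CA plus a CA-signed leaf certificate for Exim.
# Host name, subject names and file names are constructed placeholders.

make_exim_chain() {
    dir=$1
    host=${2:-mail.example.org}
    mkdir -p "$dir" || return 1

    # One config file holds the extension profiles for both certificates.
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF

    # 1. Self-signed root: ca.crt is what clients import as a trusted root.
    openssl req -x509 -config "$dir/pki.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Org/CN=Example Private Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Key and signing request for the Exim server itself.
    openssl req -new -config "$dir/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Org/CN=$host" \
        -keyout "$dir/exim.key" -out "$dir/exim.csr" 2>/dev/null || return 1

    # 3. Sign the request with the root to get the leaf Exim presents.
    openssl x509 -req -in "$dir/exim.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -set_serial 1 \
        -extfile "$dir/pki.cnf" -extensions v3_leaf \
        -out "$dir/exim.crt" 2>/dev/null || return 1
}

# Succeeds only if the certificate in $2 chains to the root in $1.
verify_leaf() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Exim's `tls_certificate` and `tls_privatekey` options would then point at `exim.crt` and `exim.key`. Only `ca.crt` is distributed to clients; `ca.key` stays off both the clients and the mail server.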