Re: [Exim] exim wishlist TLS, SPF

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mark Foster
Date:  
À: exim-users
Sujet: Re: [Exim] exim wishlist TLS, SPF
This is a cryptographically signed message in MIME format.
--
Philip Hazel wrote:
> On Wed, 7 Jan 2004, Mark Foster wrote:
>
>
>>2. support for CRL and/or OSCP? Where does this stand?
>
>
> I do wish people wouldn't assume that I know everything! :-)) What are
> CRL and OSCP?
>
> Other points noted.
>

So there isn't any support for them (yet).
My understanding is as follows...both are mechanisms for checking the
validity of X.509 certificates. When a certificate (private key
actually) is compromised, the issuing certificate authority (think
verisign, thawte, geotrust) can revoke the certificate, placing it into
a revocation list.

Typically, a CRL is published online via http://some.addr.tld/ca.crl

Applications can then check the CRL to be sure a certificate is still
legit. OSCP is an evolved CRL concept where the check can be done over a
network lookup.

So given the existing of CRL/OSCP, the trust model in exim seems to fall
short, since it doesn't (appear to) check for certificate revocation.
Please add to the wishlist... I could try and come up with some
code/patches if you would consider it.
Thanks.

--
=> Somedays it's just not worth chewing through the restraints...
=> Mark Foster <mark@???>    http://mark.foster.cc/
--
Content-Description: S/MIME Cryptographic Signature


[ smime.p7s of type application/x-pkcs7-signature deleted ]
--