AW: [exim] support for domainkeys

Top Page
Delete this message
Reply to this message
Author: Steffen Heil
Date:  
To: 'David Brodbeck', exim-users
CC: 
Subject: AW: [exim] support for domainkeys
Hi

> Maybe, if the ISP lets them use their own domain name. But it's not clear

to me that that route will work with SSL authentication -- won't mail from
foo@??? have to match a bar.com SSL certificate? (And if not, what
exactly are you authenticating?)

No, you could use the hostname of the MX for the ssl cert. So the MX for
company.tld would be mx.mailprovider.tld. A provider would need ONE
certificate for all domains hosted on his site.

> That's what I object to. You're giving a small number of big companies

the power to control who can and cannot send email.

No.
Right today, you could say that only ONE company can decide who gets a
domain name.
In Germany this would be DeNIC (www.denic.de), the german root registrar.

However they could have a cert and sign their members, which in term sign
their members....

If it's working for domains, why shouldn't it work for certificates.

Regards,
Steffen