Author: Chris Edwards Date: To: Exim Mailing List Subject: Re: [exim] Should MX offer TLS ?
On Tue, 6 Nov 2007, Dean Brooks wrote:
| I think most MTA operators, including myself, use TLS only for the
| encryption of SMTP auth password information. The fact that the message
| payload is also encrypted for submission agents is just a bonus.
Makes sense. But then it can be argued the bad guy only needs EITHER the
password OR the data. If he can sniff the content itself on the wire,
then why bother trying to protect the password ?
| There really isn't any advantage to encrypting MX submissions. Most
| messages have spent much of their life unencrypted the entire way
OK.
| I can't imagine trying to resolve the myriad of encryption issues that
| would arise with thousands of TLS connections per hour from all over the
| world.
Right. This was just the sort of response I'm looking for. I'm also
interested to know to what extent this is a problem in practice. How do
sites who *do* do TLS over the Internet (with no certificate checks) get
on ? Are there many obscure problems encountered ?