Re: [exim] Should MX offer TLS ?

Top Page
Delete this message
Reply to this message
Author: Exim Mailing List
Date:  
To: exim-users
Subject: Re: [exim] Should MX offer TLS ?
On Wed, Nov 07, 2007 at 03:54:42PM +0000, John Robinson wrote:
> On 07/11/2007 15:22, Dean Brooks wrote:
> > I guess it depends on your view. In my experience, an MTA that sends
> > to MX with TLS is one that is probably not managed by someone with
> > very much experience and would more likely be a potential source of
> > trouble.
>
> I'm surprised to hear that. I'd have thought that sending to MX with
> TLS, offering a real certificate, would be a good way of saying "yes I
> really am who I say I am". Now if one could say in one's SPF records "I
> have a real cert" we'd be a long way towards sender authentication,
> wouldn't we?


Problem is, you don't have to have a CA authority sign your TLS
certificate. Anyone can self sign and TLS will accept it. All the
TLS SSL cert does is open the door to encryption.

DomainKeys is closer to that idea though.

--
Dean Brooks
dean@???