Author: Exim Mailing List
Date:
To: exim-users
Subject: Re: [exim] Should MX offer TLS ?
On Wed, Nov 07, 2007 at 03:54:42PM +0000, John Robinson wrote:
> On 07/11/2007 15:22, Dean Brooks wrote:
> > I guess it depends on your view. In my experience, an MTA that sends
> > to MX with TLS is one that is probably not managed by someone with
> > very much experience and would more likely be a potential source of
> > trouble.
>
> I'm surprised to hear that. I'd have thought that sending to MX with
> TLS, offering a real certificate, would be a good way of saying "yes I
> really am who I say I am". Now if one could say in one's SPF records "I
> have a real cert" we'd be a long way towards sender authentication,
> wouldn't we?
Problem is, you don't have to have a CA authority sign your TLS
certificate. Anyone can self-sign and TLS will accept it. All the
TLS SSL cert does is open the door to encryption.