Re: [exim] Should MX offer TLS ?

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Should MX offer TLS ?
Tony Finch wrote:
> On Wed, 7 Nov 2007, W B Hacker wrote:
>> Spealing of which - TLS for submisson, TLS for POP/IMAP, and TLS for MX - MX
>> does give nearly end-to-end protection between/among corporate servers.
>
> Yes, though you'd want to use client and server certificate verification
> for the MTA-to-MTA links, which means you'd need a list of hosts that are
> members of this secure federation to avoid interop problems. This seems to
> me like a fairly obvious idea so I expect there are already companies
> doing it - though I don't know of any.
>
> Tony.


There are many. And a step or so above that as well for major corporations.

That part was indeed a lot easier to secure before smtp and the 'internet' -
X.400 was often run on private leased circuits.

Even then, (late '80's) we needed a few 'gateways' to the smtp-world so as to
reach customers who were already migrating to the 'net and smtp.

But 'nailed up' private networks are not as common as they were...

More common today to have corporate VPN's that DO use the 'net as backbone, then
have controlled gateways to the 'net and smtp for 'off net' contacts.

Bill