Re: [exim-dev] OCSP Stapling support in experimental_ocsp br…

Author: Phil Pennock
Date:
To: Jeremy Harris
CC: exim-dev
Subject: Re: [exim-dev] OCSP Stapling support in experimental_ocsp branch
On 2012-05-11 at 21:56 +0100, Jeremy Harris wrote:
> So, can exim running in client mode observe the stapled information?


At this time, I've only implemented the server code. I've tested it can
be seen with "openssl s_client -status".

For client code, it may make sense for the Submission case (same as SNI
support) but I've thoughts on how to improve that somewhat, more
generally, so am holding off for now until post-release.

I want to see if I can get some GnuTLS overhauling done tonight, run
test suites, then cut RC1. Oh, and I need to look at that "only use
outbound connection if the outbound interface matches the configured
one" bug.

For after this release, I want to explore turning on DNSSEC if the
resolver supports it, what that means for finding a verifiable identity
for MX delivery, and things like trust-on-first-use support, much as is
used by SSH (and has strong support in GnuTLS), to try to tackle the
problems of MX host identity.