On Tue, Oct 1, 2013 at 12:38 AM, Dr Andrew C Aitchison
<A.C.Aitchison@???> wrote:
> I for one *do* set tls_require_ciphers (though I currently use OpenSSL
> not GnuTLS) - I dropped RC4 a couple of weeks ago after using
> it for a couple of months to protect against the BEAST.
I can see protecting against BEAST on the web where a session cookie
is passed on every transaction. What utility does protecting against
BEAST provide in an SMTP or SMTP Auth session? Help me think out of
the box because I'm not seeing the usefulness.
...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
