Re: [exim] massive increase in SSL handshake failures after …

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Wolfgang Breyha
Fecha:  
A: exim-users
Asunto: Re: [exim] massive increase in SSL handshake failures after root-CA update
On 21/01/14 00:35, Viktor Dukhovni wrote:
> Because asking for client certificates tickles bugs in client
> implementations, and unlike MSAs with client cert based access
> rules, MX hosts accept mail from everyone, even cleartext clients,
> so client certs are not useful (everything works the same or better
> without them).


MX hosts do not accept mail from everyone. Maybe theoretically but not in
the real world. There is this "little" topic called SPAM. And IMO a
verifiable client cert can provide useful information about a connecting host.

But in general you're right. Requesting them only makes sense if the result
is used.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria