On 21/01/14 00:35, Viktor Dukhovni wrote:
> Because asking for client certificates tickles bugs in client
> implementations, and unlike MSAs with client cert based access
> rules, MX hosts accept mail from everyone, even cleartext clients,
> so client certs are not useful (everything works the same or better
> without them).
MX hosts do not accept mail from everyone. Maybe theoretically but not in
the real world. There is this "little" topic called SPAM. And IMO a
verifiable client cert can provide useful information about a connecting host.
But in general you're right. Requesting them only makes sense if the result
is used.
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria
