Re: [exim] massive increase in SSL handshake failures after …

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Wolfgang Breyha
Data:  
Para: exim-users
Assunto: Re: [exim] massive increase in SSL handshake failures after root-CA update
On 21/01/14 00:35, Viktor Dukhovni wrote:
> Because asking for client certificates tickles bugs in client
> implementations, and unlike MSAs with client cert based access
> rules, MX hosts accept mail from everyone, even cleartext clients,
> so client certs are not useful (everything works the same or better
> without them).


MX hosts do not accept mail from everyone. Maybe theoretically but not in
the real world. There is this "little" topic called SPAM. And IMO a
verifiable client cert can provide useful information about a connecting host.

But in general you're right. Requesting them only makes sense if the result
is used.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria