On Tue, Jan 21, 2014 at 01:04:56AM +0100, Wolfgang Breyha wrote:
> On 21/01/14 00:35, Viktor Dukhovni wrote:
> > Because asking for client certificates tickles bugs in client
> > implementations, and unlike MSAs with client cert based access
> > rules, MX hosts accept mail from everyone, even cleartext clients,
> > so client certs are not useful (everything works the same or better
> > without them).
>
> MX hosts do not accept mail from everyone. Maybe theoretically but not in
> the real world. There is this "little" topic called SPAM. And IMO a
> verifiable client cert can provide useful information about a connecting host.
You're just trolling. Yes, I could have said "anyone" rather than
"everyone", the point being that there is no a priori select group
of authenticated authorized clients. But, nobody is confused.
Verifiable client certs are of no use in this context, and just
tickle bugs. Wishful thinking does not make it otherwise.
> But in general you're right. ...
The first part of that paragraph is sufficient. :-)
--
Viktor.
