On Wed, Mar 05, 2014 at 12:54:06AM +0200, s7r wrote:
> >> how are the encryption keys exchanged in order to be sure you
> >> are talking to the right end and there is no man-in-the-middle?
> >
> > * You get no man in the middle protection.
>
> Thank you Viktor for your complete answer. So if there is no man in
> the middle protection using SMTP TLS, why is it used or recommended to
> be activated?
It frustrates passive (or if you prefer the catch-phrase of the
day: pervasive) monitoring
> Since the sending server has no way to verify he is actually talking
> to the correct receiving server and connection could be intercepted by
> a man in the middle attack, what's the use for TLS on SMTP with self
> signed certs?
See above.
> The TLSA with DNSSEC on the other thing sounds very good but
> unfortunately i am not aware how DNSSEC functions and how I can
> activate it I googled few months ago for a nice tutorial with
> explanation but couldn't find one.
The tools and tutorials are still a bit bleeding edge, but improving
steadily. At this time adoption is for those comfortable with
still evolving, unpolished technology.
--
Viktor.
