Re: [exim] TLS auth between SMTP servers for mail exchange

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] TLS auth between SMTP servers for mail exchange
On Wed, Mar 05, 2014 at 12:54:06AM +0200, s7r wrote:

> >> how are the encryption keys exchanged in order to be sure you
> >> are talking to the right end and there is no man-in-the-middle?
> >
> > * You get no man in the middle protection.
>
> Thank you Viktor for your complete answer. So if there is no man in
> the middle protection using SMTP TLS, why is it used or recommended to
> be activated?


It frustrates passive (or if you prefer the catch-phrase of the
day: pervasive) monitoring.

> Since the sending server has no way to verify he is actually talking
> to the correct receiving server and connection could be intercepted by
> a man in the middle attack, what's the use for TLS on SMTP with self
> signed certs?


See above.

> The TLSA with DNSSEC on the other thing sounds very good but
> unfortunately I am not aware how DNSSEC functions and how I can
> activate it. I googled a few months ago for a nice tutorial with
> explanation but couldn't find one.


The tools and tutorials are still a bit bleeding edge, but improving
steadily. At this time adoption is for those comfortable with
still evolving, unpolished technology.

-- 
    Viktor.