Ahoj,
Dňa Sat, 30 Oct 2021 07:11:18 -0400 Viktor Dukhovni via Exim-users
<exim-users@???> napísal:
> No. Rather than random ad-hoc policies, we implement and evolve
> standards. Thus we have:
It seems, that we are talking about different cases. You are talking
about remote/foreign hosts, and i am talking about internal
connections/routing.
It is useless to use TLS for moving messages eg. between LXC hosts (not
VPS) or for delegating delivery to other MDA, when it stays on the same
machine. If someone can gain root access to inspect/intercept them,
then it can get keys to decrypt them too or even do more harm...
That is where setting TLS behavior customization on per host base by
provided options is perfect. And in most cases, admins do not need to
touch it, especially when they do not understand TLS in depth.
I agree, that more options leads to more mistakes, but on the other
side, more options allows to more customization and are not forcing
some behavior for all.
regards
--
Slavko
https://www.slavino.sk
