Re: [exim] Something like "domains_require_tls"

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MEvgeniy Berdnikov at <-
M\Olaf Hopp (SCC) at ->
Delete this message
Reply to this message
Author: Kirill Miazine
Date:  
To: exim-users
Subject: Re: [exim] Something like "domains_require_tls"
• Evgeniy Berdnikov via Exim-users [2023-03-29 11:22]:
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> > I understand it might help a little bit to require TLS, but without
> > verficiation that a certificate is valid, TLS requirement is not such
> > a big win, is it?
>
> Depends on your aims. Pure encryption is one level of security,
> protection against MitM attacks is another level.

Exactly. The former preventing passive data collection, the later --
active. Still, if *I* were to state a legal requirement that certain
domains use TLS, I'd also ask for verification either via TLS or
DANE, because just TLS is a very small win.

> > I too have a transport that would require TLS for certain sending
> > domains, but I haven't yet required TLS verification, because it often
> > breaks.... So there we are...
>
> Probably you haven't yet clear understanding of your own needs.

I was just doing an experiment setting up a domain that would require
TLS for receiving and TLS for sending, and ideally I'd want
verification when sending, but we aren't there yet.

K.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Something like "domains_require_tls"Re: [exim] Something like "domains_require_tls"->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)