Re: [exim] Something like "domains_require_tls"

Góra strony
Delete this message
Reply to this message
Autor: Kirill Miazine
Data:  
Dla: exim-users
Temat: Re: [exim] Something like "domains_require_tls"
• Evgeniy Berdnikov via Exim-users [2023-03-29 11:22]:
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> > I understand it might help a little bit to require TLS, but without
> > verficiation that a certificate is valid, TLS requirement is not such
> > a big win, is it?
>
> Depends on your aims. Pure encryption is one level of security,
> protection against MitM attacks is another level.


Exactly. The former preventing passive data collection, the later --
active. Still, if *I* were to state a legal requirement that certain
domains use TLS, I'd also ask for verification either via TLS or
DANE, because just TLS is a very small win.

> > I too have a transport that would require TLS for certain sending
> > domains, but I haven't yet required TLS verification, because it often
> > breaks.... So there we are...
>
> Probably you haven't yet clear understanding of your own needs.


I was just doing an experiment setting up a domain that would require
TLS for receiving and TLS for sending, and ideally I'd want
verification when sending, but we aren't there yet.

K.