Re: [exim] Something like "domains_require_tls"

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Olaf Hopp (SCC) at <-
MMSlavko at ->
Delete this message
Reply to this message
Author: Slavko
Date:  
To: exim-users
Subject: Re: [exim] Something like "domains_require_tls"
Dňa 29. 3. o 10:22 Evgeniy Berdnikov via Exim-users napísal(a):
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
>> I understand it might help a little bit to require TLS, but without
>> verficiation that a certificate is valid, TLS requirement is not such
>> a big win, is it?
>
> Depends on your aims. Pure encryption is one level of security,
> protection against MitM attacks is another level.

I leave this to receiver decision. Nowadays it is not problem to setup
DANE, if receiver did it i (as sender) will know, that it requires TLS
and the cert have to be validated (even in more secure way than with PKI
if DANE-EE is chosen). I do not bother with other receivers -- try TLS,
then fallback to plaintext...

I am in (slowly) process to implement DANE-EE for itself now...

Encryption of email provides only transport security (on hop by hop
base), if privacy of message really matter, IMO one have to use PGP (or
so) for it.

regards

--
Slavko


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Something like "domains_require_tls"Re: [exim] Something like "domains_require_tls"->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)