Re: [exim] Something like "domains_require_tls"

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Slavko
Date:  
À: exim-users
Sujet: Re: [exim] Something like "domains_require_tls"
Dňa 29. 3. o 10:22 Evgeniy Berdnikov via Exim-users napísal(a):
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
>> I understand it might help a little bit to require TLS, but without
>> verficiation that a certificate is valid, TLS requirement is not such
>> a big win, is it?
>
> Depends on your aims. Pure encryption is one level of security,
> protection against MitM attacks is another level.


I leave this to receiver decision. Nowadays it is not problem to setup
DANE, if receiver did it i (as sender) will know, that it requires TLS
and the cert have to be validated (even in more secure way than with PKI
if DANE-EE is chosen). I do not bother with other receivers -- try TLS,
then fallback to plaintext...

I am in (slowly) process to implement DANE-EE for itself now...

Encryption of email provides only transport security (on hop by hop
base), if privacy of message really matter, IMO one have to use PGP (or
so) for it.

regards

--
Slavko