Harald Tveit Alvestrand wrote: > > > --On 21. august 2005 01:34 +0200 thomas schorpp <t.schorpp@xxxxxx> wrote: > >> but AICPA or CICA are no "can of worms" ;) >> >> what hassle with tls? >> >> install postfix, etc, get certificate signed and enable - ready. > > > if you're a private mailserver, and know your technology by heart, easy. i dont know those very professionell and well trained mailfarm-adminteams to capitulate before newer technologies... > If your domain is "aol.com", or anything where 1 hour of downtime > generates more than 1000 angry calls from customers? the customer firewalls (hotlines) will handle it, just now therere a tenth of angry calls complaining about spam and phishing. > If your mailserver is a Sendmail with a heavily customized sendmail.cf? sendmail is a UNIX dinosaur with lots of security issues up to nowadays, therere more economical, secure and ergonomical configurable systems like exim and postfix, etc. and think about some configuration autmation. > If your mailserver is interfaced to CC:Mail? and? gets signed and enc too, wheres the difference? > If you require your legal department to sign off on any contracts, > including the one you have to enter into with CACert? the legal department does only check and recommend, they sign nothing, management decides. if you like thawtes or verisigns terms more sign these and pay off. > > Don't underestimate the work required to upgrade a million mailservers. i dont. cost-estimation functions are positive against spam/sphishing cost estimation. > > (nevertheless, when I get a free 4 hours, I intend to do just what you > suggest for my own Postfix installation, and offer OPTIONAL > TLS-protected SMTP... it will be interesting to see if anyone takes > advantage of it...) > you need 15min not 4 hours. nearly every postfix and exim and many proprietary mail-solutions calling mine uses starttls first. some qmail and escpecially sendmail hosts do not. > Harald > y tom _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf