John C Klensin <john-ietf@xxxxxxx> writes:

> You may reasonably claim that those criteria are almost never satisfied
> today and that almost all TLS connections between SMTP sender and SMTP
> receiver are made in the same casual way that almost all HTTPS ones are.

That is far from true -- all significant web browsers out there validate HTTPS certs against a pre-distributed CA bundle, and reject connections when that fails. SMTP servers in general never reject connections when cert checking fails.

You may argue that CAs perform casual checking, but it is distinctly better than permitting any certificates as in the SMTP world.

/Simon
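The contrast Simon draws (browsers validate against a CA bundle and refuse the connection on failure; SMTP clients negotiate TLS but accept any certificate) comes down to how the client's TLS context is configured. The following is an added example, not code from the thread or from any MTA; it uses only the Python standard library and shows the opportunistic SMTP posture next to the HTTPS-style strict posture a mail operator could enforce. The `send_with_policy` helper and its host/port arguments are assumptions for illustration.

```python
import smtplib
import ssl


def smtp_tls_context(strict: bool) -> ssl.SSLContext:
    """Build the TLS context an SMTP client hands to STARTTLS.

    strict=False reproduces the opportunistic posture described in the
    thread: the session is encrypted, but the peer certificate is never
    checked, so any certificate (self-signed, expired, wrong name) works.

    strict=True applies the HTTPS-style policy browsers use: the chain
    is validated against the platform CA bundle and the hostname must
    match, otherwise the handshake fails and no mail is sent.
    """
    if strict:
        # create_default_context() loads the system CA bundle and sets
        # verify_mode=CERT_REQUIRED with check_hostname=True.
        return ssl.create_default_context()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def policy_summary(strict: bool) -> tuple:
    """Return (verify_mode name, check_hostname) for inspection/logging."""
    ctx = smtp_tls_context(strict)
    return ssl.VerifyMode(ctx.verify_mode).name, ctx.check_hostname


def send_with_policy(host: str, port: int, strict: bool,
                     sender: str, recipients: list, message: str) -> None:
    """Deliver one message over STARTTLS using the chosen policy.

    Hypothetical helper: with strict=True, a certificate that would be
    rejected by a browser raises ssl.SSLCertVerificationError here
    instead of silently proceeding.
    """
    ctx = smtp_tls_context(strict)
    with smtplib.SMTP(host, port, timeout=10) as conn:
        conn.ehlo()
        conn.starttls(context=ctx)
        conn.ehlo()
        conn.sendmail(sender, recipients, message)


if __name__ == "__main__":
    for mode in (False, True):
        verify, hostname = policy_summary(mode)
        print(f"strict={mode}: verify_mode={verify}, check_hostname={hostname}")
```

Running the block prints the two policies side by side; `send_with_policy` is there to show where the context is applied. Note that the strict variant only protects against a forged server certificate if the receiving domain actually presents a certificate that chains to the sender's CA bundle, which is the operational gap the thread is discussing.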