OpenSSL version 1.1.0 pre release 6 published

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/08/2016 04:51, Viktor Dukhovni wrote:
> On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote:
>
>> I haven't read that proposal, but if the HTTPS server has to use the
>> same host name as the SMTPS server, then the SMTPS server could just
>> use the certificate directly.
> There is at best a very tenuous analogy between TLS for HTTP and TLS
> for SMTP.  So your suggestions miss the mark, unfortunately. :-(
>
> First and forement TLS in SMTP is opportunistic, and compounding
> that the destination hosts are discovered indirectly via MX records.
> For a more detailed exposition, see:
Hence my other suggestions about how to incorporate rules
based on the RCPT TO domain name matching if that is what
said proposal is doing (from what you wrote previously, it
couldn't safely connect to any random https server
mentioned in an unsigned TXT record).
>      https://tools.ietf.org/html/rfc7672#section-1.3
>
> [ Or just take my word for it, you are likely busy enough with
>    other things that I know very little about. ]
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux