Re: default MTA
Marc Haber <mh+debian-devel@zugschlus.de> writes:
> Russ Allbery <rra@debian.org> wrote:
>> Marc Haber <mh+debian-devel@zugschlus.de> writes:
>>> Certificates are usually only used in E-Mail when a server authenticates
>>> itself to a client before the client sends its authentication data. SMTP
>>> with client certificates is possible, but I have only seen this two
>>> times in 15 years of running E-Mail servers.
>> All mail servers I run are configured with TLS certificates because
>> that's how you encrypt SMTP traffic between servers.
> That's not a contradiction to what I have written.
You said that certificates are usually only used in e-mail when a server
authenticates itself to a client. That's the statement with which I'm
partly disagreeing. I run multiple mail servers (and Stanford University
runs quite a few more) that have TLS certificates that have nothing to do
with authentication.
TLS certificates are a poor authentication system unless you restrict them
to only CAs under your control, but they're great as an easy way of
configuring effectively anonymous encryption.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: