Marc Haber <[email protected]> writes: > Russ Allbery <[email protected]> wrote: >> Marc Haber <[email protected]> writes:
>>> Certificates are usually only used in E-Mail when a server authenticates >>> itself to a client before the client sends its authentication data. SMTP >>> with client certificates is possible, but I have only seen this two >>> times in 15 years of running E-Mail servers. >> All mail servers I run are configured with TLS certificates because >> that's how you encrypt SMTP traffic between servers. > That's not a contradiction to what I have written. You said that certificates are usually only used in e-mail when a server authenticates itself to a client. That's the statement with which I'm partly disagreeing. I run multiple mail servers (and Stanford University runs quite a few more) that have TLS certificates that have nothing to do with authentication. TLS certificates are a poor authentication system unless you restrict them to only CAs under your control, but they're great as an easy way of configuring effectively anonymous encryption. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
