On Sun, Oct 12, 2025 at 05:59:57PM +0100, Andrew C Aitchison via mailop wrote: > > I know that TLS is only hop-to-hop, not end-to-end > and that MTA-MTA only has STARTTLS, not fully encrypted connections, > but it does allow client certificates as well as server certificates. > > What would we need in order for SMTP TLS client certificates > to have a useful place in authenticating the sender ? > > DNSSEC would probably help; are there other useful missing pieces ?
DANE comes to mind. -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
