On Sun, 12 Oct 2025 17:59:57 +0100 (BST) Andrew C Aitchison via mailop <[email protected]> wrote:
> What would we need in order for SMTP TLS client certificates
> to have a useful place in authenticating the sender ?

Before you can meaningfully do anything, you'd need a dedicated PKI structure for SMTP client certificates or some other validation mechanism. (WebPKI certificates used to be usable as client certificates, but that is currently being changed due to tightened rules.)

But even before that, you'd have to ask: what exactly is your goal? I guess it is something along the lines of "I want to know that this mail from @example.com really came from @example.com". But then, you're essentially in the DKIM/SPF/DMARC territory, and your question should probably be: whatever you want to achieve, how does it fit with the existing DKIM/SPF/DMARC, and do you want to propose an enhancement to one of those?

-- 
Hanno Böck - Independent security researcher
https://itsec.hboeck.de/
https://badkeys.info/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
