On 5/12/05, John Peacock <[EMAIL PROTECTED]> wrote:
> The other thing I'd like to know before any TLS patch gets committed:
> how do most MTAs respond to self-signed certs, since most people don't
> expect to pay NetSol/Thawte/etc. for a server cert for each of their MX
> servers. And if self-signed certs are acceptable, it would be a very
> good idea to document how to generate a cert (or even provide a script).
> I do it often enough that the command is still in my shell history
> (!), but I suspect most people would be lost without any hints...

Better yet, the local cert would autovivify at the beginning or after it has been deleted.

And how long do we cache the keys in use by peers?

I google so you don't have to:

http://www.issociate.de/board/post/195519/TLS-certificates_and_interoperability-issues_sendmail_/_Exchange_/_postfix_...html
http://sial.org/talks/smtpauth-starttls/smtpauth-starttls.xml

There are several use cases for the "upwards negotiation" that TLS provides. Which ones will qpsmtpd support? The ones that get supporting patches submitted first, of course!

-- 
"I can't hear you, I'm using the scrambler" -- J. Frank Parnell
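
The "autovivify" idea from this thread, as an added example (not part of the original messages, not the command John Peacock mentions, and not qpsmtpd code): a POSIX shell function that creates a self-signed certificate with the `openssl` CLI only when the key or certificate is missing. The function names, the directory layout, the file names `server.key`/`server.crt` and the host name are assumptions.

```shell
#!/bin/sh
# Added example: generate a self-signed cert for an MX host on demand.
# File names and directory layout are assumptions, not qpsmtpd's own.

# ensure_cert DIR HOSTNAME [DAYS]
# Creates DIR/server.key and DIR/server.crt if either one is missing.
ensure_cert() {
    dir=$1
    host=$2
    days=${3:-365}
    key="$dir/server.key"
    crt="$dir/server.crt"

    # Nothing to do when both files exist and are non-empty.
    if [ -s "$key" ] && [ -s "$crt" ]; then
        return 0
    fi

    mkdir -p "$dir" || return 1
    # Drop a leftover half of the pair so key and cert always match.
    rm -f "$key" "$crt"

    # umask 077 in a subshell: both new files are readable by the owner
    # only, and the caller's umask is left untouched.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes \
            -keyout "$key" -out "$crt" \
            -days "$days" -subj "/CN=$host" 2>/dev/null
    ) || return 1
}

# cert_fingerprint FILE
# Prints the SHA-256 fingerprint, useful for logging which certificate
# is in service after a regeneration.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}
```

Deleting either file makes the next `ensure_cert` call produce a fresh key pair, so the fingerprint changes and any peer that stored the old certificate will see a different one.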
