Dňa 29. 3. o 10:22 Evgeniy Berdnikov via Exim-users napísal(a):
On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
I understand it might help a little bit to require TLS, but without
verficiation that a certificate is valid, TLS requirement is not such
a big win, is it?
Depends on your aims. Pure encryption is one level of security,
protection against MitM attacks is another level.
I leave this to receiver decision. Nowadays it is not problem to setup
DANE, if receiver did it i (as sender) will know, that it requires TLS
and the cert have to be validated (even in more secure way than with PKI
if DANE-EE is chosen). I do not bother with other receivers -- try TLS,
then fallback to plaintext...
I am in (slowly) process to implement DANE-EE for itself now...
Encryption of email provides only transport security (on hop by hop
base), if privacy of message really matter, IMO one have to use PGP (or
so) for it.
regards
--
Slavko
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
