On 05/08/2016 04:51, Viktor Dukhovni wrote:
> On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote:
>
>> I haven't read that proposal, but if the HTTPS server has to use the
>> same host name as the SMTPS server, then the SMTPS server could just
>> use the certificate directly.
>
> There is at best a very tenuous analogy between TLS for HTTP and TLS
> for SMTP.  So your suggestions miss the mark, unfortunately. :-(
>
> First and foremost TLS in SMTP is opportunistic, and compounding
> that the destination hosts are discovered indirectly via MX records.
> For a more detailed exposition, see:

Hence my other suggestions about how to incorporate rules
based on the RCPT TO domain name matching if that is what
said proposal is doing (from what you wrote previously, it
couldn't safely connect to any random https server
mentioned in an unsigned TXT record).

>      https://tools.ietf.org/html/rfc7672#section-1.3
>
> [ Or just take my word for it, you are likely busy enough with
>    other things that I know very little about. ]


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
