Re: when should we esmtps our mxes?

2016-10-29 Thread Ivan Shmakov
> Ben Hutchings writes: > On Mon, 2016-10-24 at 15:15 +, Ivan Shmakov wrote: > Ben Hutchings writes: […] >>> Those certificates look as expected. Since TLS encryption of SMTP >>> between servers is opportunistic, there's no

Re: when should we esmtps our mxes?

2016-10-24 Thread Ben Hutchings
On Mon, 2016-10-24 at 15:15 +, Ivan Shmakov wrote: > > > > > > > > > > Ben Hutchings writes: > > > […] > > > Those certificates look as expected. Since TLS encryption of SMTP > > between servers is opportunistic, there's no particular reason to use > > a widely

Re: when should we esmtps our mxes?

2016-10-24 Thread Ivan Shmakov
> Ben Hutchings writes: […] > Those certificates look as expected. Since TLS encryption of SMTP > between servers is opportunistic, there's no particular reason to use > a widely trusted CA for server certificates. A MITM can just as > easily block STARTTLS as

Re: when should we esmtps our mxes?

2016-10-24 Thread Ivan Shmakov
> Julien Cristau writes: > On Mon, Oct 24, 2016 at 11:45:33 +, Ivan Shmakov wrote: […] >> Speaking of which. Does the gnutls-cli transcript MIMEd signify of >> an ongoing MitM attack, or is it just a misconfiguration? > Neither. >

Re: when should we esmtps our mxes?

2016-10-24 Thread Ben Hutchings
On Mon, 2016-10-24 at 13:00 +, Ivan Shmakov wrote: > > > > Andrey Rahmatullin writes: > > On Mon, Oct 24, 2016 at 11:45:33AM +, Ivan Shmakov wrote: > > > >> $ gnutls-cli --starttls -p 25 bendel.debian.org > > […] > > >> Connecting to '82.195.75.100:443'... > > >

Re: when should we esmtps our mxes?

2016-10-24 Thread Julien Cristau
On Mon, Oct 24, 2016 at 11:45:33 +, Ivan Shmakov wrote: > > Kristian Erik Hermansen writes: > > On Mon, Oct 24, 2016 at 1:59 AM, Adrian Bunk wrote: > > […] > > >> For the kind of attacks you are describing, https is just snake oil. >

Re: when should we esmtps our mxes?

2016-10-24 Thread Ivan Shmakov
> Andrey Rahmatullin writes: > On Mon, Oct 24, 2016 at 11:45:33AM +, Ivan Shmakov wrote: >> $ gnutls-cli --starttls -p 25 bendel.debian.org […] >> Connecting to '82.195.75.100:443'... > I cannot reproduce gnutls-cli connecting to :443 when asked :25.

Re: when should we esmtps our mxes?

2016-10-24 Thread Andrey Rahmatullin
On Mon, Oct 24, 2016 at 11:45:33AM +, Ivan Shmakov wrote: > $ gnutls-cli --starttls -p 25 bendel.debian.org > Processed 173 CA certificate(s). > Resolving 'bendel.debian.org'... > Connecting to '2001:41b8:202:deb:216:36ff:fe40:4002:443'... > Connecting to '82.195.75.100:443'... I cannot

when should we esmtps our mxes?

2016-10-24 Thread Ivan Shmakov
> Kristian Erik Hermansen writes: > On Mon, Oct 24, 2016 at 1:59 AM, Adrian Bunk wrote: […] >> For the kind of attacks you are describing, https is just snake oil. > Profusely disagree and so do other members of this list. I'll leave >