Alessandro Vesely writes:
An intermediate approach could be to have a "starttls-something" database anyway, where each host's entry contains the state of the last handshake, any of "known CA", "auto-trusted" with fingerprint and dates, or "broken", with suitable rules for state changes.
Well, Courier does have something similar, an optional way to force all mail to a known domain to use TLS, and use a certificate with a verified signature.
But this is purely opt-in.
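
The per-host handshake database proposed in the quoted text, sketched as an added example (not part of either message and not Courier's code). The message only says "suitable rules", so the transition rules, the `update` function and the field names are all assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

KNOWN_CA, AUTO_TRUSTED, BROKEN = "known CA", "auto-trusted", "broken"

@dataclass
class Entry:
    state: str
    fingerprint: Optional[str] = None   # pinned only for auto-trusted hosts
    first_seen: Optional[date] = None
    last_seen: Optional[date] = None

def update(db, host, today, tls_ok, ca_verified=False, fingerprint=None):
    """Record one handshake result for host; return (entry, deliver).

    Assumed rules (hypothetical, not from the thread):
      - a CA-verified certificate always moves the host to "known CA";
      - an unverified certificate is pinned on first contact ("auto-trusted")
        and accepted again only while its fingerprint stays the same;
      - a host with an entry may not fall back: a failed handshake, a lost
        CA chain or a changed pin marks it "broken" and mail is deferred.
    """
    old = db.get(host)
    first = old.first_seen if old else today
    if tls_ok and ca_verified:
        new = Entry(KNOWN_CA, None, first, today)
    elif tls_ok and (old is None or (old.state in (AUTO_TRUSTED, BROKEN)
                                     and old.fingerprint == fingerprint)):
        new = Entry(AUTO_TRUSTED, fingerprint, first, today)
    elif old is None:
        # Host never offered TLS: nothing to downgrade from, no entry made.
        return None, True
    else:
        # Keep the old pin and dates so an operator can see what changed.
        new = Entry(BROKEN, old.fingerprint, old.first_seen, old.last_seen)
    db[host] = new
    return new, new.state != BROKEN
```
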
courier-users mailing list: https://lists.sourceforge.net/lists/listinfo/courier-users
