Hi,

In the IETF there is currently some discussion to get new standards on their way, called MTA STS [1] (previously SMTP STS) and MUA STS [2] (previously DEEP). Their intent is to get authenticated transport encrypted TLS working for the email ecosystem.

I find the MUA part less interesting, because one can already resolve this manually by enforcing TLS connections and verifying certificates, but the MTA part could fix an important loophole of email insecurity.

Right now, as you probably all know, especially connections between two mail servers can use encryption via STARTTLS, but the certificates are often self-signed, don't match the hostname etc., and also the encryption commands can just be stripped away by an active attacker.

The rough way it works is that a policy URL is published via DNS and can then be fetched over HTTPS. The details are of course a bit complicated, as it's a nontrivial problem.

I wanted to bring this up because obviously courier might be a project interested in implementing this. Also, right now would be the right time if people want to influence the standards process and discuss whether they have any concerns or ideas about this. The discussions happen in the TLS UTA working group [3].

[1] https://tools.ietf.org/html/draft-brotman-mta-sts-00
[2] https://tools.ietf.org/html/draft-ietf-uta-email-deep-05
[3] https://www.ietf.org/mailman/listinfo/uta

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
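
The mechanism sketched in the message (a DNS record announcing a policy that is fetched over HTTPS and then applied to the SMTP connection), as an added example that is not part of the original mail or of Courier. It assumes the key/value syntax later published as RFC 8461, which may differ from the -00 draft linked above; the domains, sample record, sample policy and function names are constructed for illustration.

```python
# Added example: sender-side MTA-STS policy evaluation (RFC 8461 syntax assumed).
SAMPLE_TXT = "v=STSv1; id=20160831085700Z;"  # constructed TXT at _mta-sts.example.com
SAMPLE_POLICY = ("version: STSv1\nmode: enforce\nmx: mail.example.com\n"
                 "mx: *.example.net\nmax_age: 86400\n")  # constructed policy body

def parse_txt_record(txt):
    """Return the policy id from the DNS TXT record, or None if it is not MTA-STS."""
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    if fields.get("v") != "STSv1" or not fields.get("id"):
        return None
    return fields["id"]

def parse_policy(body):
    """Parse the policy file that was fetched over HTTPS into a dict."""
    policy = {"mx": []}
    for line in body.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    policy["max_age"] = int(policy["max_age"])  # KeyError if the field is missing
    return policy

def mx_allowed(policy, mx_host):
    """True if the MX name from DNS is listed in the policy."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".example.net"
            label = host[:-len(suffix)]
            # A wildcard stands for exactly one left-most label.
            if host.endswith(suffix) and label and "." not in label:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy, mx_host, tls_ok):
    """tls_ok: STARTTLS was offered and the certificate validated for mx_host."""
    if policy["mode"] == "none" or (tls_ok and mx_allowed(policy, mx_host)):
        return "deliver"
    # A stripped STARTTLS, a bad certificate or an unlisted MX all end up here.
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```

With an `enforce` policy cached, a connection on which STARTTLS has been stripped yields `refuse` instead of a silent fallback to plaintext.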