At 6:34 PM +0200 5/23/07, Florian Weimer wrote:
* Victor Duchovni:

 That's good of you not to expect it, given that zero of the major CAs
 seem to support ECC certs today, and even if they did, those certs
 would not work in IE on XP.

 We are not talking about this year or next of course. My estimate is
 that Postfix releases designed this year, ship next year, are picked up
 by some O/S vendors the year after and shipped perhaps a year after that,
 then customers take a few years to upgrade, ... So for some users Postfix
 2.5 will be their MTA upgrade in 2011 or later. So we need to anticipate
 future demand by a few years to be current at the time that users begin
 to use the software.

But no one is issuing certificates which are suitable for use with
SMTP (in the sense that the CA provides a security benefit).

No one? I thought that VeriSign and others did, at least a few years ago.

  As far
as I know, there isn't even a way to store mail routing information in
X.509 certificates.

Why would you need to? SMTP-over-TLS only identifies the system to whom you are speaking. No routing inforation is needed or wanted.

--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to