Ahoj, Dňa Sat, 30 Oct 2021 07:11:18 -0400 Viktor Dukhovni via Exim-users <[email protected]> napísal:
> No. Rather than random ad-hoc policies, we implement and evolve > standards. Thus we have: It seems, that we are talking about different cases. You are talking about remote/foreign hosts, and i am talking about internal connections/routing. It is useless to use TLS for moving messages eg. between LXC hosts (not VPS) or for delegating delivery to other MDA, when it stays on the same machine. If someone can gain root access to inspect/intercept them, then it can get keys to decrypt them too or even do more harm... That is where setting TLS behavior customization on per host base by provided options is perfect. And in most cases, admins do not need to touch it, especially when they do not understand TLS in depth. I agree, that more options leads to more mistakes, but on the other side, more options allows to more customization and are not forcing some behavior for all. regards -- Slavko https://www.slavino.sk
pgpU2o6uLHEmL.pgp
Description: Digitálny podpis OpenPGP
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
