On Sat, Oct 30, 2021 at 02:09:21PM +0200, Slavko via Exim-users wrote: > It is useless to use TLS for moving messages eg. between LXC hosts (not > VPS) or for delegating delivery to other MDA, when it stays on the same > machine. If someone can gain root access to inspect/intercept them, > then it can get keys to decrypt them too or even do more harm...
Nobody is proposing that TLS policy be inflexibly uniform for all destinations. My observation is merely that the options to choose from should as much as possible make sense. If it is too easy to to accidentally configure footgun behaviour, then the design could be reconsidered. My suggestion would be that if someone configures mandatory verification to some destination, then cleartext fallback should not happen. Only "try" verification should support optional cleartext fallback. > I agree, that more options leads to more mistakes, but on the other > side, more options allows to more customization and are not forcing > some behavior for all. I am not arguing for fewer options, I'm arguing for a rational UI to the available behaviours that does not expose inexperienced users to footgun choices. -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/