Dnia 23.10.2023 o godz. 11:27:09 Slavko via mailop pisze: > Dňa 23. októbra 2023 10:26:57 UTC používateľ Jaroslaw Rafa via mailop > <[email protected]> napísal: > > >However, all this discussion is hardly related to email, as - as many have > >noted - there's hardly any certificate checking at all between MTAs. > > Do you want to tell, that MUAs communications are not part of email? > > Do our MTAs works only for self and mails ends nowhere or they > provides transport channel for end users and thus end users are > what matter? Or all your users still authentificate and sends/reads > own mails over plaintext and TLS is important only in MTA-MTA? > > As someone other pointed, MUAs doesn't do DANE, nor SCT, nor > anything extra to check certs. AFAIK support of SCRAM+ auth is > not common (if any). In other words, that XMPP incident is fully > applicable to email and it is possible to intercept your users > connections and one can only very little to do, to avoid that.
So the question is: are MUAs (like browsers) able to recognize EV certificates and present them appropriately to the user? And if yes, how many mail providers are going to use EV certificates on their servers, taking into account that they are usually much more expensive than regular certificates? (BTW, my opinion is that CAs are just ripping off their customers on the price of EV certificates; the administrative overhead related to paperwork needed to actually verify the subject's identity is not as big to justify so high prices of EV certificates). -- Regards, Jaroslaw Rafa [email protected] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
