I believe the opensmtp project is taking the right approach. Decisions about certification strategies are more business than technical, and, I suggest, the opensmtp project is not here to make business recommendations, even implicit ones. Wikipedia document some things to consider, including http://en.wikipedia.org/wiki/X.509#Security see problems with certificate authorities.
Having said that, I most certainly do not speak for the opensmtp project; indeed, I do not speak for anyone apart from me, and am most probably talking nonsense. If I were to use certificates that had to be trustable by strangers, I¹d use a certification authority from an established organisation whose business depended on them being trusted. By coincidence, I live in an international banking centre, so I¹ve a rich choice (ho ho). Dylan Harris a broad Brit abroad On 30/03/2014 04:40, "Hugo Osvaldo Barrera" <[email protected]> wrote: >On 2014-03-29 19:26, Stéphane Guedon wrote: >> Hello >> >> I don't like to behave like an asshole and say stupid things to cool >> peoples... but the ssl certs for opensmtpd.org are valid only for >> poolp.org. >> >> You don't use dnssec, neither good ssl certs ... ? >> >> Sorry for annoyement. >> >> -- >> You received this mail because you are subscribed to [email protected] >> To unsubscribe, send a mail to: [email protected] >> > >Hit to the dev: StartSSL give out free SSL certificate that are trusted >by all major browsers and OSs. That + SNI should fix that. :) > >-- >Hugo Osvaldo Barrera >A: No, it doesn't make sense. >Q: Should I include quotations *after* my reply? -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
