Payment Card Industry should not dictate standards compliance for general
e-mail servers. I apologize for waking up Saturday’s thread, but I didn’t see
it until today.

If you force TLS v1.1 on the server at this time, then any sys-admin requiring
compatibility with desktops on a 4-year cycle is at least 3 years away from
being able to upgrade his mail server. That’s not reasonable. If TLS v1.0
does not satisfy your requirements for a security boundary, consider
client-side certs, client-side enforcement of TLS version, PKI, PGP, or a VPN
tunnel like IPSec.

TLS-SSL on the mail server has always been best-effort. Real security is
inside the envelope.
ED.