On Mon, Jan 11, 2016 at 10:53:04AM -0500, ED Fochler wrote:
> Payment Card Industry should not dictate standards compliance for general
> e-mail servers.  I apologize for waking up Saturday's thread, but I
> didn't see it until today.
>
> If you force TLS v1.1 on the server at this time, then any sys-admin
> requiring compatibility with desktops on a 4 year cycle is at least 3 years
> away from being able to upgrade his mail server.  That's not reasonable.
> If TLS v1.0 does not satisfy your requirements for a security boundary,
> consider client side certs, client side enforcement of TLS version, PKI, PGP,
> or VPN tunnel like IPSec.
>
> TLS-SSL on the mail server has always been best-effort.  Real security is
> inside the envelope.
>
>       ED.
>

This is not going to happen.

What's going to happen is that we will make it possible for those with a
strong requirement to disable TLSv1 while the masses still get a working
MTA by default with high local security and balanced security for comms.

-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
