It appears that William Herrin via NANOG <[email protected]> said:
>On Fri, May 23, 2025 at 12:34 PM John Levine via NANOG
><[email protected]> wrote:
>> It appears that Bjørn Mork via NANOG <[email protected]> said:
>> >> I really wish this zombie argument would die. The people who run mail
>> >> systems are not all stupid, and if client certs were useful, someone
>> >> in the past 30 years would have tried using them.
>> >
>> >I'm not sure what you're trying to say here, but there is no difference
>> >between submission and smtp wrt mutual tls. If the server wants to
>> >authenticate the client, then a client certificate will be useful.
>>
>> If the client authenticates it's submission. If it doesn't, it's SMTP
>> unless the client later authenticates with SMTP AUTH.
>
>Hi John,
>
>Only traffic on port 587 is explicitly SMTP submission. On port 25 it
>might or might not be depending on how the client and server choose to
>use the authentication. For example, an MSA can add or change
>message-id, date and sender headers in the message body while an MTA
>is not supposed to. This happens independent of whether the
>connection to the MTA/MSA is authenticated.

This is a waste of time. If people want to believe that SMTP clients send
certificates, there's not much I can do to persuade them otherwise.

But in any event, I hope we have established that the number of people
affected by the LE change to stop signing client certs rounds to zero.

R's,
John
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/CO7TWHY7PWI66QZR73BEA7ZIOGNA5NHK/
