> On Sep 24, 2016, at 9:43 AM, Jeffrey Honig <[email protected]> wrote:
>
> Any system that does not maintain up-to-date certificates is just broken; an
> invitation for security vulnerabilities to be exploited in situations where
> expired or revoked certificates can be exploited. Validating the certificate
> chain should be the default and any other option available should come with
> language that strongly discourages their use. Doing anything else would be
> giving people a false sense of security.

The tricky part of this is writing the fall-back code in the client. And especially for nmh, where 24x7 always-connected-via-ethernet-to-the-internet is not a given. There are a lot of fallback scenarios that have to be dealt with if we are to preserve the security (and therefore trust) model implied by TLS.

It's enlightening to read the HIPAA security requirements for email. That's the security regime I work in, and it *really* makes you pay attention to what *all* the components of your systems are doing.

_______________________________________________
Nmh-workers mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/nmh-workers
