Ken Hornstein <[email protected]> wrote: > Fair enough; I'm not saying that the protocol doesn't exist, it just > seems like it's extremely uncommon. BTW, does that require the TLS > client EKU in the client certificate? It seems like that's going away > from certificates issued by most public CAs, at least ones that want to > be part of the Chrome root certificate program.
I don't care, I pin the certificate on the SMTP relay via fingerprint.
> Also, I do have to ask why you don't use something like SASL, which has
> much wider client support (and I know postfix supports that).
Because none of that worked in 1998 :-)
SASL would require some kind of sign in; which means that the cron jobs on my
laptop (and other cloud machines which send reports via authenticated SMTP),
would have to have some account.
signature.asc
Description: PGP signature
