At 6:34 PM +0200 5/23/07, Florian Weimer wrote:
* Victor Duchovni:
That's good of you not to expect it, given that zero of the major CAs
seem to support ECC certs today, and even if they did, those certs
would not work in IE on XP.
We are not talking about this year or next of course. My estimate is
that Postfix releases designed this year, ship next year, are picked up
by some O/S vendors the year after and shipped perhaps a year after that,
then customers take a few years to upgrade, ... So for some users Postfix
2.5 will be their MTA upgrade in 2011 or later. So we need to anticipate
future demand by a few years to be current at the time that users begin
to use the software.
But no one is issuing certificates which are suitable for use with
SMTP (in the sense that the CA provides a security benefit).
No one? I thought that VeriSign and others did, at least a few years ago.
As far
as I know, there isn't even a way to store mail routing information in
X.509 certificates.
Why would you need to? SMTP-over-TLS only identifies the system to
whom you are speaking. No routing inforation is needed or wanted.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
