Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Eric Tykwinski
> On Jul 26, 2017, at 5:42 PM, Steve Atkins wrote: > > It doesn't _really_ matter in the context of deciding whether a certificate > is being presented by a legitimate domain owner or a MitM. Well I think that’s the whole solution of DANE, i.e. validate through DNSSEC that

Re: [mailop] Restricted email address UIDs for public email domains

2017-07-26 Thread Peter Bowen
On Tue, Jul 25, 2017 at 9:59 AM, Kirk MacDonald wrote: > In addition to what is mentioned in RFC2142, can anyone offer any resources > (or "best practices") for what can be considered "restricted" email > addresses/UIDs for a domain which offers mailbox service

Re: [mailop] Restricted email address UIDs for public email domains

2017-07-26 Thread Michael
You might be going too stringent in that case.. For instance, many people create aliases related to the service they are working with.. Also, a lot of people use 'throwaway' addresses related to the service.. I remember using 'ticketmaster@' once and surprised at how quickly 3rd party offers

Re: [mailop] Restricted email address UIDs for public email domains

2017-07-26 Thread Rich Kulawiec
On Tue, Jul 25, 2017 at 04:59:39PM +, Kirk MacDonald wrote: > In addition to what is mentioned in RFC2142, can anyone offer any > resources (or "best practices") for what can be considered "restricted" > email addresses/UIDs for a domain which offers mailbox service to the > general public?

Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Steve Atkins
> On Jul 26, 2017, at 1:43 PM, valdis.kletni...@vt.edu wrote: > > On Wed, 26 Jul 2017 10:10:53 -0700, Brandon Long via mailop said: >> Why can't smtp software be expected to maintain a list of trusted CAs? >> Or at least run on an OS that is expected to do so. > > Quick: What two CAs did

Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Brandon Long via mailop
If it becomes important, I'm sure it can be done. I mean, you all update your av signatures at least daily, or your spam rules. And whether they would need to follow the browser list or whatever isn't clear, sure. It's early in this stuff for email, maybe DANE will be the solution that catches

Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread valdis . kletnieks
On Wed, 26 Jul 2017 10:10:53 -0700, Brandon Long via mailop said: > Why can't smtp software be expected to maintain a list of trusted CAs? > Or at least run on an OS that is expected to do so. Quick: What two CAs did Google just remove from Chrome's list? Has your OS vendor followed suit?

Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Luis E. Muñoz
I think the key part is not "expect", but actually don't require it. -lem On 26 Jul 2017, at 10:10, Brandon Long via mailop wrote: > Why can't smtp software be expected to maintain a list of trusted CAs? > Or at least run on an OS that is expected to do so.

Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Brandon Long via mailop
On Wed, Jul 26, 2017 at 1:23 AM, Vittorio Bertola < vittorio.bert...@open-xchange.com> wrote: > > On 25 July 2017 at 22:25, Grant Taylor via mailop wrote: > > > On 07/25/2017 09:14 AM, Vladimir Dubrovin via mailop wrote: > > To protect against passive Man-in-the-Middle, there is no actual

Re: [mailop] shutterfly contact?

2017-07-26 Thread Dave Lugo
Hi, Not sure if this is being sent by the ESP... it's coming from 136.179.236.38, which whois tells me is: SWITCH, LTD SWITCH-LTD (NET-136-179-0-0-1) 136.179.0.0 - 136.179.255.255 Shutterfly SHUTTERFLY-236 (NET-136-179-236-0-1) 136.179.236.0 - 136.179.239.255 Thanks, Dave On Mon, 24 Jul

Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Vittorio Bertola
> On 25 July 2017 at 22:25, Grant Taylor via mailop wrote: > > > On 07/25/2017 09:14 AM, Vladimir Dubrovin via mailop wrote: > > > > To protect against passive Man-in-the-Middle, there is no actual > > difference between the self-signed certificate and certificate