It appears that Filippo Valsorda <fili...@ml.filippo.io> said:

> I'm sorry, I am losing track. Sounds like mutual TLS in SMTP was already not a
> thing *before* the policy change, except for one vendor, then?

I don't know why this keeps coming up. SMTP does not do mutual authentication, and never has. SMTP servers present a certificate after a STARTTLS command; clients do not. Sometimes the clients check the server certificate (TLSA or MTA-STS), but more often not.

Mail submission, which is not the same as SMTP (ports 465 and 587), occasionally uses client certs, but the normal scenario there is for the server to distribute privately signed certs to the clients, so it need only check that it sees its own signature.

I can say this with reasonable certainty, having written my share of SMTP server and client software and worked on the current updates to the SMTP standards.

R's,
John

PS: As far as I can tell this confusion comes from people misreading 40 year old sendmail documentation. So don't do that.

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
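The two client-side checks the reply mentions in passing (TLSA and MTA-STS) are the only places an SMTP client decides anything about the certificate the server presented after STARTTLS. The following is an added example, not code from this thread or from any MTA: it parses an MTA-STS policy (RFC 8461) and decides whether delivery to a given MX may proceed, and it matches a DANE TLSA record (RFC 6698, as profiled for SMTP by RFC 7672) against the server's end-entity certificate, including the fallback-to-opportunistic-TLS case when no record is usable. The policy text, host names, TLSA RDATA and the "DER" byte strings are constructed placeholders, not real records or certificates; PKIX chain validation and DANE-TA(2) chain matching are assumed to happen elsewhere and are deliberately not implemented.

```python
"""Added example (not from the thread): the checks an SMTP client can run on
the certificate a server presents after STARTTLS, per MTA-STS (RFC 8461) and
DANE TLSA (RFC 6698 / RFC 7672).  All sample data below is constructed."""

import hashlib
import hmac
from dataclasses import dataclass, field


def _name_matches(host: str, pattern: str) -> bool:
    """Exact match, or a leading '*.' that matches exactly one label
    (the rule RFC 8461 uses for 'mx' entries and for certificate names)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                       # ".backup.example.net"
        prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
        return bool(prefix) and "." not in prefix
    return host == pattern


# ---- MTA-STS (RFC 8461) -----------------------------------------------------

@dataclass
class StsPolicy:
    mode: str                                      # enforce | testing | none
    max_age: int
    mx: list = field(default_factory=list)


def parse_sts_policy(text: str) -> StsPolicy:
    """Parse the body of https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    kv, mx = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            mx.append(value)
        else:
            kv[key] = value
    if kv.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if kv.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("bad mode")
    return StsPolicy(kv["mode"], int(kv["max_age"]), mx)


def sts_allows_delivery(mx_host: str, cert_names: list, policy: StsPolicy) -> bool:
    """In enforce mode the MX host must be listed in the policy and the server
    certificate (already PKIX-validated by the TLS stack, assumed here) must be
    valid for that host.  In testing or none mode delivery proceeds regardless;
    testing mode only reports the failure (TLSRPT)."""
    mx_ok = any(_name_matches(mx_host, p) for p in policy.mx)
    cert_ok = any(_name_matches(mx_host, n) for n in cert_names)
    if policy.mode == "enforce":
        return mx_ok and cert_ok
    return True


# ---- DANE TLSA (RFC 6698, SMTP profile in RFC 7672) ------------------------

@dataclass(frozen=True)
class Tlsa:
    usage: int        # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int     # 0 full certificate, 1 SubjectPublicKeyInfo
    matching: int     # 0 exact, 1 SHA-256, 2 SHA-512
    data: bytes


def parse_tlsa_rdata(rdata: bytes) -> Tlsa:
    """TLSA RDATA: three one-octet fields followed by the association data."""
    if len(rdata) < 4:
        raise ValueError("TLSA RDATA too short")
    return Tlsa(rdata[0], rdata[1], rdata[2], bytes(rdata[3:]))


def tlsa_matches_ee(rec: Tlsa, cert_der: bytes, spki_der: bytes) -> bool:
    """Match a DANE-EE(3) record against the server's own certificate.
    DANE-TA(2) must be matched against an issuer in the presented chain,
    which this example does not implement (it returns False for usage 2)."""
    if rec.usage != 3:
        return False
    selected = spki_der if rec.selector == 1 else cert_der
    if rec.matching == 0:
        digest = selected
    elif rec.matching == 1:
        digest = hashlib.sha256(selected).digest()
    elif rec.matching == 2:
        digest = hashlib.sha512(selected).digest()
    else:
        return False
    return hmac.compare_digest(digest, rec.data)


def dane_decision(records: list, cert_der: bytes, spki_der: bytes) -> str:
    """RFC 7672: PKIX-TA(0)/PKIX-EE(1) and unknown selector or matching types
    are 'unusable' for SMTP.  All unusable -> fall back to unauthenticated
    opportunistic TLS; any usable record present -> the certificate must match
    one of them or delivery fails."""
    usable = [r for r in records
              if r.usage in (2, 3) and r.selector in (0, 1) and r.matching in (0, 1, 2)]
    if not usable:
        return "opportunistic"
    if any(tlsa_matches_ee(r, cert_der, spki_der) for r in usable):
        return "verified"
    return "mismatch"


# Constructed sample inputs (not real records, certificates or hosts).
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmx: *.backup.example.net\nmax_age: 604800\n"
SAMPLE_SPKI = b"constructed-SubjectPublicKeyInfo-DER-bytes"
SAMPLE_CERT = b"constructed-certificate-DER-bytes"
SAMPLE_TLSA_RDATA = bytes([3, 1, 1]) + hashlib.sha256(SAMPLE_SPKI).digest()   # "3 1 1 <hex>"


def demo() -> dict:
    policy = parse_sts_policy(SAMPLE_POLICY)
    good = [parse_tlsa_rdata(SAMPLE_TLSA_RDATA)]
    pkix_only = [parse_tlsa_rdata(bytes([1, 1, 1]) + b"\0" * 32)]
    return {
        "sts_primary": sts_allows_delivery("mail.example.com", ["mail.example.com"], policy),
        "sts_wildcard": sts_allows_delivery("mx2.backup.example.net", ["*.backup.example.net"], policy),
        "sts_too_deep": sts_allows_delivery("a.b.backup.example.net", ["*.backup.example.net"], policy),
        "sts_unlisted": sts_allows_delivery("rogue.example.org", ["rogue.example.org"], policy),
        "dane": dane_decision(good, SAMPLE_CERT, SAMPLE_SPKI),
        "dane_mismatch": dane_decision(good, SAMPLE_CERT, b"some-other-key"),
        "dane_unusable": dane_decision(pkix_only, SAMPLE_CERT, SAMPLE_SPKI),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that nothing here involves a client certificate: both mechanisms only constrain what the client will accept from the server, which is the asymmetry the reply is describing. A real client would obtain the TLSA records with DNSSEC validation and the MTA-STS policy over HTTPS before using either decision.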