[openssl-users] OpenSSL version 1.1.0 pre release 6 published

Jakob Bohm jb-openssl at wisemo.com
Fri Aug 5 05:35:05 UTC 2016


On 05/08/2016 04:51, Viktor Dukhovni wrote:
> On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote:
>
>> I haven't read that proposal, but if the HTTPS server has to use the
>> same host name as the SMTPS server, then the SMTPS server could just
>> use the certificate directly.
> There is at best a very tenuous analogy between TLS for HTTP and TLS
> for SMTP.  So your suggestions miss the mark, unfortunately. :-(
>
> First and foremost, TLS in SMTP is opportunistic, and compounding
> that the destination hosts are discovered indirectly via MX records.
> For a more detailed exposition, see:
Hence my other suggestions about how to incorporate rules
based on the RCPT TO domain name matching if that is what
said proposal is doing (from what you wrote previously, it
couldn't safely connect to any random https server
mentioned in an unsigned TXT record).
>      https://tools.ietf.org/html/rfc7672#section-1.3
>
> [ Or just take my word for it, you are likely busy enough with
>    other things that I know very little about. ]
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


