Lucky Green wrote:
> I also agree that current MTAs' implementations of STARTTLS are only a
> first step. At least in postfix, the only MTA with which I am
> sufficiently familiar to form an opinion, it appears impossible to
> require that certs presented by trusted parties match a particular hash
> while certs presented by untrusted MTAs can present any certificate they
> desire to achieve EDH-level security.

This is probably a stupid question, but... why would you want to do this?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff