Marc Haber <mh+debian-de...@zugschlus.de> writes: > Russ Allbery <r...@debian.org> wrote: >> Marc Haber <mh+debian-de...@zugschlus.de> writes:
>>> Certificates are usually only used in E-Mail when a server authenticates >>> itself to a client before the client sends its authentication data. SMTP >>> with client certificates is possible, but I have only seen this two >>> times in 15 years of running E-Mail servers. >> All mail servers I run are configured with TLS certificates because >> that's how you encrypt SMTP traffic between servers. > That's not a contradiction to what I have written. You said that certificates are usually only used in e-mail when a server authenticates itself to a client. That's the statement with which I'm partly disagreeing. I run multiple mail servers (and Stanford University runs quite a few more) that have TLS certificates that have nothing to do with authentication. TLS certificates are a poor authentication system unless you restrict them to only CAs under your control, but they're great as an easy way of configuring effectively anonymous encryption. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87li6sfblk....@windlord.stanford.edu
