• Evgeniy Berdnikov via Exim-users [2023-03-29 11:22]: > On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote: > > I understand it might help a little bit to require TLS, but without > > verficiation that a certificate is valid, TLS requirement is not such > > a big win, is it? > > Depends on your aims. Pure encryption is one level of security, > protection against MitM attacks is another level.
Exactly. The former preventing passive data collection, the later -- active. Still, if *I* were to state a legal requirement that certain domains use TLS, I'd also ask for verification either via TLS or DANE, because just TLS is a very small win. > > I too have a transport that would require TLS for certain sending > > domains, but I haven't yet required TLS verification, because it often > > breaks.... So there we are... > > Probably you haven't yet clear understanding of your own needs. I was just doing an experiment setting up a domain that would require TLS for receiving and TLS for sending, and ideally I'd want verification when sending, but we aren't there yet. K. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
