Alexander Leidinger via Gnupg-users wrote:
[...]
I don't remember if there was a challenge/response or not. As I still
have the email with the signed key, I can tell that the signature can
arrive via a TLS encrypted SMTP channel directly from governicus (and
they have a SPF setup but not DKIM):
---snip---
Received: from smtp.governikus.de (smtp.governikus.de [194.31.70.126])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de"
(not verified))
---snip---
Am I misreading that header or does Governikus' outgoing SMTP have a
self-signed client certificate for 'VPR-BOS004.dmz.bosnetz.de'? That
does not inspire confidence...
-- Jacob
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
