Client certificates in emails are not rare, even to the contrary, they are
predominant. The proportion of verifiable client certificates is about the
same proportion of verifiable server certificates.

I think there are a few MTAs that have different config for certificate
presented as a client vs a receiver.

For instance postfix has a different config and says not to use client
certs, I tend to disagree. This advice may have been written in the early
days of STARTTLS. The world has changed, especially after Snowden.

http://www.postfix.org/TLS_README.html#client_cert_key

On Thu, Apr 14, 2016 at 8:23 AM, Al Iverson <aiver...@spamresource.com>
wrote:

> Thanks for that. :)
>
> --
> Al Iverson
> www.aliverson.com
> (312)725-0130
>
>
> On Thu, Apr 14, 2016 at 3:02 AM, Steve Freegard <steve.freeg...@fsl.com>
> wrote:
> >
> > On 14/04/16 00:58, Al Iverson via mailop.org wrote:
> >>
> >> Boo @ designing something so that "FAIL is really nothing is to be
> >> concerned with."
> >>
> >> It's the kind of thing deliverability people will now be spending the
> >> rest of their lives explaining to clients that this big ole FAIL is to
> >> be ignored.
> >>
> >
> > Agreed - which is why it's been changed now.
> >
> > Cheers,
> > Steve.
> >
> >
> > _______________________________________________
> > mailop mailing list
> > mailop@mailop.org
> > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to