On 07/27/2017 01:44 PM, Dave Warren wrote:
>>
>> "Even if it were generally possible to determine a secure server name,
>> the SMTP client would still need to verify that the server's
>> certificate chain is issued by a trusted CA (a trust anchor). 
>>
> 
> I've never understood why this is a special challenge in the SMTP world,
> it's generally a solved problem for HTTPS, XMPP, and various other
> protocols.
> 

The practical reason is that unencrypted SMTP has to work if you want to
be able to communicate with the world. So, adding a second more-secure
channel *in addition to* the existing unsecured channel doesn't really
gain you anything. If someone connects to me and I don't like his CA, he
can fall back to plain text and I have to allow it (because of the
bajillions of people who don't do TLS over SMTP at all).

Doing TLS but without a trust chain is a nice compromise that lets us
encrypt the channel opportunistically, and doesn't discourage the
participants who would otherwise be put off by the trust chain issues.

This differs from e.g. HTTP in that a website can unilaterally make a
decision to go HTTPS-only and be fine, but your mail server can't
unilaterally decide that it will only accept mail from people with a
certificate that you approve of.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
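As an added example (not code from the list thread or from any MTA), a small Python client that makes the split described above concrete: an opportunistic policy encrypts whenever STARTTLS is offered but never refuses mail over an untrusted chain, whereas the HTTPS-style verify policy does. The policy names and the deliver() helper are assumptions for illustration, and the host is a placeholder.

```python
import smtplib
import ssl

# Policy levels assumed for this example (they mirror the may/encrypt/verify
# levels most MTAs expose); the thread's point is the first one.
OPPORTUNISTIC = "may"   # encrypt if STARTTLS is offered, accept any certificate
ENCRYPT = "encrypt"     # require TLS, still accept any certificate
VERIFY = "verify"       # require TLS and a chain to a trusted CA (HTTPS-style)

def tls_context(policy):
    """Client context for STARTTLS; only VERIFY validates the peer's chain."""
    ctx = ssl.create_default_context()
    if policy != VERIFY:
        # Certificate is used for key exchange only: no CA check, no name check.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def plan_session(policy, starttls_offered, chain_trusted):
    """What the client does after EHLO: 'plaintext', 'encrypted' or 'refused'.
    Only OPPORTUNISTIC can ever fall back to plaintext, which is why a receiver
    can't demand a CA of its choosing without losing the mail."""
    if not starttls_offered:
        return "plaintext" if policy == OPPORTUNISTIC else "refused"
    if policy == VERIFY and not chain_trusted:
        return "refused"
    return "encrypted"

def deliver(host, sender, rcpt, body, policy=OPPORTUNISTIC):
    """Deliver one message to a live MTA under the given policy (hypothetical
    helper; host is a placeholder). Returns the channel actually used."""
    with smtplib.SMTP(host, 25, timeout=30) as smtp:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        if not offered and policy != OPPORTUNISTIC:
            raise RuntimeError("peer offers no STARTTLS and policy requires TLS")
        channel = "plaintext"
        if offered:
            try:
                smtp.starttls(context=tls_context(policy))
                smtp.ehlo()  # capabilities must be re-read after STARTTLS
                channel = "encrypted"
            except ssl.SSLCertVerificationError as exc:
                # Only VERIFY reaches here; opportunistic mode never refuses on a chain.
                raise RuntimeError(f"untrusted chain, not falling back: {exc}") from exc
        smtp.sendmail(sender, rcpt, body)
        return channel
```

plan_session() is the pure decision table behind deliver(), so the policy outcomes can be checked without a live server.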
