In article <caba8r6sc5letes0xvnfpvkwvlcd6abgz-a7s+dljrv-ect_...@mail.gmail.com> you write:
>If someone connects to you, they don't send you a cert unless you're
>dealing with client certs, and I don't think
>DANE covers that at all, though I haven't read through it completely.

The client can present a cert in the TLS handshake if it wants to. Few do and equally few servers check them, but somewhere I have patches for qmail that verify submission clients by the cert they send. Other than the usual horrible problems getting certs installed and configured, it's a great way to do client authentication.

R's,
John

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop