On Thu, Nov 20, 2008 at 03:48:32PM +0000, Mark Watts wrote:

> > The first cipher has no authentication mechanism in the SSL handshake,
> > so you get encryption only, no authentication. The second cipher makes
> > authentication "possible", but you can still (and typically do) ignore the
> > peer certificate. So in practice the two ciphers offer the same security,
> > provided you are not going to reject unauthenticated connections when
> > sending email to the domain in question.
>
> Do people typically use SASL authentication instead of certificate checking?

You are confusing authenticating users for submission access with
authenticating the destination server for channel integrity. This is
the difference between web-site login forms and HTTPS server certificate
checks.

I don't want to sidetrack into client certs vs SASL login in this thread.

-- 
Viktor.