Am 25.09.23 um 22:11 schrieb Viktor Dukhovni via Postfix-users:
... So, unfortunate as it may seem, they just increase opportunities for failure, without adding anything by way of security. ... Client certificates serve no purpose unless the server requests them and knows what to do with them.
Hello Viktor, OK, so far I can follow your arguments. But there is one thing that don't match in that picture: It's how I see Google's outbound servers operate. ¹) If I read my mail archive right, Google use client certificates at least since 2015! If operating SMTP clients with a client certificate is so dangerous and has no value, why would google go that? Andreas ¹) grep 'Trusted TLS connection established from' /var/log/mail | grep '.google.com\[' _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
