On Wed, July 22, 2009 23:45, Noel Jones wrote:
> Benny Pedersen wrote:
>> what does others do if remote have a self signed ssl key, accept it ?
> Yes, accept it. Opportunistic TLS does not imply more trust
> than a non encrypted connection; you're willing to make a
> non-encrypted connection to that client. TLS in this case
> indicates encryption, but not authentication.

Yes, this is clear to me, it is so, but I don't know why self signed ssl is being used so much when there are plenty of good trusted signers :/ Well, it took me a bit of time to make my own ssl key, but it was fun to try to find out how to set up all ssl tls in postfix dovecot apache. At first I did not believe I could make it, but now I am there using cacert as signer, so far no problem.

> The usual reason for a purchased certificate on a mail server
> is so users don't get an error when submitting mail without
> you providing them the certificate or telling them to ignore
> the certificate error message.

This problem can also be a big irritating problem for windows clients to know how to use a self signed ssl key, that's why I try to use cacert basically, but it still gives problems :( In ubuntu firefox my key works as is but firefox on windows no go, how do I debug it to find if I have made the problem myself?

--
xpoint