thorso...@lavabit.com:
> "Because you sign your own Postfix public key certificate, you get TLS
> encryption but no TLS authentication." [0]
>
> Could you explain the above?

Assuming that you're referring to server certificates, the session will be TLS encrypted, but the client won't know if it is talking to the real server, or to some man-in-the-middle. To authenticate the server, the client needs a copy of the public key that was used to sign the server public key certificate.

Wietse
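
How the distinction in the reply above looks on a sending Postfix SMTP client, as an added example that is not part of the original message or of the Postfix documentation: the weak setting that only encrypts, beside two ways to give the client the copy of the signing key it needs. The host names, file paths and the fingerprint placeholder are constructed assumptions.

```conf
# /etc/postfix/main.cf on the sending (client) Postfix. Constructed example.

# Weak: TLS is mandatory, but the server certificate is not verified.
# A self-signed certificate is accepted from any host that answers,
# including a man-in-the-middle.
#smtp_tls_security_level = encrypt

# Keep opportunistic TLS as the default and authenticate selected
# destinations through a per-destination policy table.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Trust anchor: a copy of the certificate whose key signed the server
# certificate. For a self-signed server certificate that is the server
# certificate itself, obtained over a channel you trust.
smtp_tls_CAfile = /etc/postfix/trusted-server-ca.pem

# Digest used by the "fingerprint" level; it must match the digest the
# pinned fingerprint was computed with.
smtp_tls_fingerprint_digest = sha256

# /etc/postfix/tls_policy
# Run "postmap /etc/postfix/tls_policy" after editing.
#
# Option 1: verify the chain against smtp_tls_CAfile and require the
# certificate to carry the expected name.
[mail.example.test]:25     secure match=mail.example.test
#
# Option 2: pin the server certificate fingerprint obtained out of band.
[mail2.example.test]:25    fingerprint match=<SHA256-FINGERPRINT-PLACEHOLDER>
```

With either option, delivery is deferred instead of proceeding when the presented certificate does not match, which is the signal to look for in the mail log.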