Andreas Schulze:
> On 23.12.2013 13:13, Wietse Venema wrote:
> > Please check out the updated text at
> > http://www.porcupine.org/postfix-mirror/FORWARD_SECRECY_README.html#quick-start
> >
> > This clarifies what is/isn't optional and why one might want to
> > make some change. Only those who want the gory details should
> > have to consume the entire document.
>
> I read up to the bottom. I find the Untrusted/Trusted/Verified
> explanation very useful. But I'm still unsure about what an SMTP
> client could do to change a remote server's state from Trusted to
> Verified.

The text says:

    Trusted (peer certificate signed by trusted CA, unverified peer name)
    Verified (peer certificate signed by trusted CA, verified peer name)

The difference is that the client verifies that the name(s) in the
certificate match with the name of the host that the client wanted
to connect to. TLS_README goes into the details of verification.

> (or what's wrong on a server that is only Trusted but not Verified)

You could be talking to the wrong server, some man in the middle,
or anything else than the desired host.

    Wietse
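
Added example, not part of the thread and not Postfix code: a sketch of the name check that separates Trusted from Verified. The certificate dicts are constructed samples in the shape of Python's `ssl.SSLSocket.getpeercert()`, and the wildcard rule (leftmost label only) is an assumption; Postfix's own matching rules are described in TLS_README.

```python
# Added illustration; function names and sample data are hypothetical.

def dns_names(cert):
    """Return dNSName subjectAltName entries, falling back to commonName."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*' wildcard covering exactly the leftmost label."""
    p = pattern.rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(chain_trusted, cert, wanted_host):
    """Map a handshake result to the three states named in the thread."""
    if not chain_trusted:
        return "Untrusted"
    if any(name_matches(n, wanted_host) for n in dns_names(cert)):
        return "Verified"
    # Signed by a trusted CA, but nothing ties the certificate to the host
    # the client meant to reach: any holder of a CA-signed cert would pass.
    return "Trusted"

# Constructed sample certificates.
CERT_MX = {"subjectAltName": (("DNS", "mx1.example.com"),
                              ("DNS", "*.mail.example.com"))}
CERT_OTHER = {"subject": ((("commonName", "www.example.net"),),)}

if __name__ == "__main__":
    cases = [(True, CERT_MX, "mx1.example.com"),
             (True, CERT_OTHER, "mx1.example.com"),
             (False, CERT_MX, "mx1.example.com")]
    for trusted, cert, host in cases:
        print(host, "->", classify(trusted, cert, host))
```

The second case is the one the question asks about: a valid CA signature on a certificate for some other name still yields only Trusted.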