On Fri, 25 Jul 2014 20:14:14 +0200 BlueStar88 <bluesta...@xenobite.eu> wrote:
>>> I think the server checks, if the peer hostname fits the CN.
>>
>>It does not.
>
>It should. Since strictness to a given security level is a) a decision of each
>MX node itself and b) must cover both directions in my opinion. Having only
>inbound connections covered, is a weak point of relying on security levels at
>all. You see, I can't tell Google, to proceed in my direction only if my
>certificate chain was walked by them successfully. It's a sort of chicken-egg
>problem.

I have to correct this:

Having only _outbound_ connections covered, is a weak point of relying on security levels at all.

BlueStar88