Hi,
thanks to all that answered my question. I guess I'm going one MTA with ECC
only and one with RSA certificate and keep an eye on the logs. Inbound-problems
should either reflect in the TLS reports or the plaintext delivery should rise
and outbound delivery should generate errors/NDRs.
Dual
Viktor Dukhovni via mailop wrote:
> On Mon, Nov 18, 2024 at 01:08:19PM +, Gellner, Oliver via mailop wrote:
>> On 18.11.2024 at 13:33 Fehlauer, Norbert via mailop wrote:
>>> is using ECC certificates for SMTP TLS (sending/receiving) something
>>> thats a common thing nowadays or does that inv
On 18. novembra 2024 12:33:07 UTC, "Fehlauer, Norbert via mailop"
wrote:
>Hi all,
>
>is using ECC certificates for SMTP TLS (sending/receiving) something thats a
>common thing nowadays or does that involes the risk of not being reached via
>SMTP TLS at all from the majority of senders?
In most
It appears that Michael Peddemors via mailop said:
>However, not sure you should use pipelining .. Given that almost every
>system out there now does inline rejection, at various SMTP verbs,
>pipelining is not helping your cause..
I think you're misunderstanding how pipelining works. It just l
On 18.11.2024 at 13:33 Fehlauer, Norbert via mailop wrote:
> is using ECC certificates for SMTP TLS (sending/receiving) something thats a
> common thing nowadays or does that involes the risk of not being reached via
> SMTP TLS at all from the majority of senders?
This is a certificate currently
On Mon, Nov 18, 2024 at 01:08:19PM +, Gellner, Oliver via mailop wrote:
> On 18.11.2024 at 13:33 Fehlauer, Norbert via mailop wrote:
> > is using ECC certificates for SMTP TLS (sending/receiving) something
> > thats a common thing nowadays or does that involes the risk of not
> > being reached
Geert Hendrickx via mailop skrev den 2024-11-18 17:16:
just for your info:
Authentication-Results mx.junc.eu (amavisd-new); dkim=fail reason="fail
(bad Ed25519 signature)" header.d=hendrickx.be header.b="2WYN/UVz";
dkim=fail (2048-bit key) reason="fail (message has been altered)"
header.d=hen
On Mon, Nov 18, 2024 at 05:16:44PM +0100, Geert Hendrickx via mailop wrote:
> I think most of those, at least including gmail.com, use dual (ECC+RSA)
> certs, typically with preference for ECC, so "support ECC" doesn't mean
> "not support RSA".
Indeed I have little visibility on dual cert servers
Hi all,
is using ECC certificates for SMTP TLS (sending/receiving) something thats a
common thing nowadays or does that involes the risk of not being reached via
SMTP TLS at all from the majority of senders?
Regards
Norbert
smime.p7s
Description: S/MIME cryptographic signature
___
I've used ECC certificates for years and have had no problems whatsoever.
On Mon, 18 Nov 2024 at 14:38, Fehlauer, Norbert via mailop
wrote:
>
> Hi all,
>
>
>
> is using ECC certificates for SMTP TLS (sending/receiving) something thats a
> common thing nowadays or does that involes the risk of no
On Tue, Nov 19, 2024 at 00:48:48 +1100, Viktor Dukhovni via mailop wrote:
> Top 10 TLS protocol/cipher/cert choices among DANE MX hosts seen by the
> survey (https://stats.dnssec-tools.org):
>
> 30421 TLS 1.3 with TLS_AES_256_GCM_SHA384,X25519,PubKeyALG_RSA
> --> 3738 TLS 1.3 with
On Mon, Nov 18, 2024 at 03:02:59PM +0100, Michael Grimm via mailop wrote:
> > +1. Saving a few bytes transmitting certs is not that compelling with
> > SMTP, so there's a reasonable case for sticking with RSA.
>
> Or provide both RSA and ECC certificates if the MTA in question supports it
> [1]
Hello,
That log is about a DKIM fail, not linked with a TLS certificate issue I think.
JB
-Message d'origine-
De : mailop De la part de Benny Pedersen via mailop
Envoyé : Monday, November 18, 2024 5:43 PM
À : mailop@mailop.org
Objet : Re: [mailop] ECC Certificate for SMTP TLS
Caution!
Hi all,
From personal experience I can tell you that several Danish governmental
agencies only use RSA certificates.
Best,
Bo
On 18 Nov 2024, at 18.32, LANEL, JEAN BAPTISTE via mailop
wrote:
Hello,
That log is about a DKIM fail, not linked with a TLS certificate issue I think.
JB
14 matches
Mail list logo
