307 digit number factored
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Wed May 23 12:56:51 EDT 2007
On Wed, May 23, 2007 at 06:34:26PM +0200, Florian Weimer wrote:
> * Victor Duchovni:
>
> >> That's good of you not to expect it, given that zero of the major CAs
> >> seem to support ECC certs today, and even if they did, those certs
> >> would not work in IE on XP.
> >
> > We are not talking about this year or next of course. My estimate is
> > that Postfix releases designed this year, ship next year, are picked up
> > by some O/S vendors the year after and shipped perhaps a year after that,
> > then customers take a few years to upgrade, ... So for some users Postfix
> > 2.5 will be their MTA upgrade in 2011 or later. So we need to anticipate
> > future demand by a few years to be current at the time that users begin
> > to use the software.
>
> But no one is issuing certificates which are suitable for use with
> SMTP (in the sense that the CA provides a security benefit). As far
> as I know, there isn't even a way to store mail routing information in
> X.509 certificates.
There is no need to store routing information:
http://www.postfix.org/TLS_README.html#client_tls_limits
http://www.postfix.org/TLS_README.html#client_tls_levels
http://www.postfix.org/TLS_README.html#client_tls_verify
http://www.postfix.org/TLS_README.html#client_tls_secure
The short summary is that full security is only available when the
receiving MX hosts have certs that match the recipient domain, or
the sender is willing to manually (in his MTA configuration) bind the
recipient domain to the subject names (or in 2.5 fingerprints) of the
appropriate MX hosts.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list