SSL certificates for SMTP
Paul Hoffman
paul.hoffman at vpnc.org
Wed May 23 15:07:12 EDT 2007
At 6:34 PM +0200 5/23/07, Florian Weimer wrote:
>* Victor Duchovni:
>
>>> That's good of you not to expect it, given that zero of the major CAs
>>> seem to support ECC certs today, and even if they did, those certs
>>> would not work in IE on XP.
>>
>> We are not talking about this year or next of course. My estimate is
>> that Postfix releases designed this year, ship next year, are picked up
>> by some O/S vendors the year after and shipped perhaps a year after that,
>> then customers take a few years to upgrade, ... So for some users Postfix
>> 2.5 will be their MTA upgrade in 2011 or later. So we need to anticipate
>> future demand by a few years to be current at the time that users begin
>> to use the software.
>
>But no one is issuing certificates which are suitable for use with
>SMTP (in the sense that the CA provides a security benefit).
No one? I thought that VeriSign and others did, at least a few years ago.
> As far
>as I know, there isn't even a way to store mail routing information in
>X.509 certificates.
Why would you need to? SMTP-over-TLS only identifies the system to
whom you are speaking. No routing inforation is needed or wanted.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list