[Cryptography] Facebook on the state of STARTTLS

Viktor Dukhovni cryptography at dukhovni.org
Mon May 19 14:49:03 EDT 2014


On Mon, May 19, 2014 at 02:29:47PM -0400, Phillip Hallam-Baker wrote:

> > I am pleased they posted the report, and would like to see more
> > reports like this going forward.  I am somewhat disappointed it
> > appears to support the fallacy that somehow PKIX authentication is
> > applicable to SMTP and thus applauds the fact that some SMTP servers
> > throw away money on public CA signed certificates, when opportunistic
> > TLS, or no TLS is required in their absence, and even their presence
> > cannot usefully preclude active attacks.
> 
> Cost of a CA issued certificate = $50 /year [Comodo cheap SSL]

My point is not that the CA certs are expensive in this case, they
could well have been priced quite reasonably, rather the issue
is that even at $0.01 they are entirely futile for SMTP.  So whether
you spend $0.01 or $1,000.00 you still get nothing.

-- 
	Viktor.

