[Cryptography] Facebook on the state of STARTTLS

Eric Mill eric at konklone.com
Tue May 20 11:36:45 EDT 2014


On Mon, May 19, 2014 at 2:49 PM, Viktor Dukhovni
<cryptography at dukhovni.org> wrote:

> On Mon, May 19, 2014 at 02:29:47PM -0400, Phillip Hallam-Baker wrote:
>
> > > I am pleased they posted the report, and would like to see more
> > > reports like this going forward.  I am somewhat disappointed it
> > > appears to support the fallacy that somehow PKIX authentication is
> > > applicable to SMTP and thus applauds the fact that some SMTP servers
> > > throw away money on public CA signed certificates, when opportunistic
> > > TLS, or no TLS is required in their absence, and even their presence
> > > cannot usefully preclude active attacks.
> >
> > Cost of a CA issued certificate = $50 /year [Comodo cheap SSL]
>
> My point is not that the CA certs are expensive in this case, they
> could well have been priced quite reasonably, rather the issue
> is that even at $0.01 they are entirely futile for SMTP.  So whether
> you spend $0.01 or $1,000.00 you still get nothing.
>

Could you explain why CA certs are futile for SMTP? It's not immediately
obvious to me. (I'm new to STARTTLS, have never configured it.)

-- Eric


>
> --
>         Viktor.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>