From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 20 Jul 2020 16:46:54 +0200
From: tlaronde@polynum.com
To: 9front@9front.org
Subject: Re: [9front] patch smtp: ignore unrecognized certificates
Message-ID: <20200720144654.GA1570@polynum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
List-ID: <9front.9front.org>

On Mon, Jul 20, 2020 at 07:26:08AM -0700, ori@eigenstate.org wrote:
> > whoever manually adds the certificates sometimes (Ori, do you?), do
> > you really check their validity?
>
> I run my own mail server, so the certificates don't change. I assume
> that the first time I connect, it's valid.
>
> How often do these certificates change?

It can be quite often. I have a certificate made via cacert.org for
example. And I have to renew it regularly. I think that certificates
with too long TTL are considered weak. So it's an annoyance.

-- 
Thierry Laronde
http://www.kergis.com/
http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C