From: Steffen Nurpmeso <sdaoden@yandex.com>
To: 9front@9front.org
Subject: Re: [9front] patch smtp: ignore unrecognized certificates
Date: Tue, 21 Jul 2020 00:00:16 +0200
Message-ID: <20200720220016.lADRh%sdaoden@yandex.com>
In-Reply-To: <BC75BC74DEF132FCD6A0F1C7E3D9FCEC@felloff.net>
cinap_lenrek@felloff.net wrote in
<BC75BC74DEF132FCD6A0F1C7E3D9FCEC@felloff.net>:
|
|for servers like your isp's or your network's forwarding mailserver
|(machines that you have direct relation or control over), it makes
|sense to pin certificates or public key. this is where you use
|smtps, instead of this insecure STARTTLS contraption.

In November 2019 they waved through RFC 8689:

  SMTP Require TLS Option

  Abstract

    The SMTP STARTTLS option, used in negotiating transport-level
    encryption of SMTP connections, is not as useful from a security
    standpoint as it might be because of its opportunistic nature;
    message delivery is, by default, prioritized over security. This
    document describes an SMTP service extension, REQUIRETLS, and a
    message header field, TLS-Required. If the REQUIRETLS option or
    TLS-Required message header field is used when sending a message, it
    asserts a request on the part of the message sender to override the
    default negotiation of TLS, either by requiring that TLS be
    negotiated when the message is relayed or by requesting that
    recipient-side policy mechanisms such as MTA-STS and DNS-Based
    Authentication of Named Entities (DANE) be ignored when relaying a
    message for which security is unimportant.

P.S.: several times i tried to contact Stanley Lieber in the past,
but never got a response. If this mail gets through (quite some
did not in the past), would you mind changing my address to
steffen@@sdaoden.eu, please? Thank you!!
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
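
The following is an added example, not part of the original message and not 9front or RFC code: a Python sketch of the per-hop decision a relaying client makes under the three cases the quoted abstract describes (REQUIRETLS requested, TLS-Required: No, neither). The function names, return strings, sample data and the rule that the MAIL FROM option wins over the header are assumptions of this sketch.

```python
from email import message_from_string

def ehlo_keywords(reply):
    """Extension keywords from a multiline 250 EHLO reply (line 1 is the greeting)."""
    words = set()
    for line in reply.splitlines()[1:]:
        parts = line[4:].split()
        if line.startswith("250") and parts:
            words.add(parts[0].upper())
    return words

def relay_decision(requiretls, headers, ehlo_after_tls, cert_ok, policy_ok):
    """Decide what to do with one message at one next hop.

    requiretls     -- message was submitted with the REQUIRETLS MAIL FROM option
    headers        -- raw header block of the message
    ehlo_after_tls -- EHLO reply seen inside TLS, or None if TLS was not negotiated
    cert_ok        -- the server certificate validated
    policy_ok      -- recipient-side policy (MTA-STS/DANE) was satisfied
    """
    if requiretls:  # assumption of this sketch: the option wins over the header
        if ehlo_after_tls is None:
            return "refuse: TLS not negotiated"
        if not cert_ok:
            return "refuse: certificate not verified"
        if "REQUIRETLS" not in ehlo_keywords(ehlo_after_tls):
            return "refuse: next hop lacks REQUIRETLS"
        return "relay with REQUIRETLS"
    value = message_from_string(headers).get("TLS-Required", "")
    if value.strip().lower() == "no":
        # Sender asked that recipient-side TLS policy be ignored.
        return "relay: sender waived TLS policy"
    if not policy_ok:
        return "defer: recipient policy failed"
    # Default: delivery is prioritized over security.
    return "relay: opportunistic"

# Constructed sample data, not captured from a real server or message.
EHLO_OK = "250-mx.example.net\n250-SIZE 10240000\n250-REQUIRETLS\n250 SMTPUTF8"
EHLO_OLD = "250-mx.example.net\n250 SIZE 10240000"
HDR_NO = "From: a@example.org\nTLS-Required: No\nSubject: t\n\n"
HDR_PLAIN = "From: a@example.org\nSubject: t\n\n"
```

In the default branch an unverified certificate (cert_ok false) still yields a relay, which is the opportunistic behaviour the abstract calls out.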