nanog mailing list archives
Re: smtp.comcast.net self-signed certs
From: Tony Finch <dot () dotat at>
Date: Fri, 16 Jan 2009 16:54:52 +0000
On Fri, 16 Jan 2009, Jeff Mitchell wrote:
You're right; certificate verification was turned on on my end simply because I'd never had a reason to turn it off (since in recent times the majority of my mail goes through their gateway, which has never presented an invalid certificate to me before).
Message submission is very different to inter-domain SMTP. There's no MX indirection, so the TLS certificate actually verifies the correct name, and certificate verification is normal on the client, and correct certificates are normal on servers. A much better situation. Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ PORTLAND PLYMOUTH: SOUTHWEST 5 TO 7, INCREASING GALE 8 AT TIMES. ROUGH, OCCASIONALLY VERY ROUGH IN PLYMOUTH. RAIN OR SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.
Current thread:
- smtp.comcast.net self-signed certs Jeff Mitchell (Jan 15)
- Re: smtp.comcast.net self-signed certs Florian Weimer (Jan 16)
- Re: smtp.comcast.net self-signed certs Adrian Chadd (Jan 16)
- Re: smtp.comcast.net self-signed certs Florian Weimer (Jan 16)
- Re: smtp.comcast.net self-signed certs Tony Finch (Jan 16)
- Re: smtp.comcast.net self-signed certs Jeff Mitchell (Jan 16)
- Re: smtp.comcast.net self-signed certs Tony Finch (Jan 16)
- Re: smtp.comcast.net self-signed certs Owen DeLong (Jan 16)
- Re: smtp.comcast.net self-signed certs Eric Tow (Jan 16)
- Re: smtp.comcast.net self-signed certs Jeff Mitchell (Jan 16)
- Re: smtp.comcast.net self-signed certs Adrian Chadd (Jan 16)
- Re: smtp.comcast.net self-signed certs Florian Weimer (Jan 16)