[110770] in North American Network Operators' Group


Re: smtp.comcast.net self-signed certs

daemon@ATHENA.MIT.EDU (Tony Finch)
Fri Jan 16 11:55:06 2009

Date: Fri, 16 Jan 2009 16:54:52 +0000
From: Tony Finch <dot@dotat.at>
To: Jeff Mitchell <jeff@emailgoeshere.com>
In-Reply-To: <4970B857.2090407@emailgoeshere.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Fri, 16 Jan 2009, Jeff Mitchell wrote:

> You're right; certificate verification was turned on on my end simply because
> I'd never had a reason to turn it off (since in recent times the majority of
> my mail goes through their gateway, which has never presented an invalid
> certificate to me before).

Message submission is very different to inter-domain SMTP. There's no MX
indirection, so the TLS certificate actually verifies the correct name,
and certificate verification is normal on the client, and correct
certificates are normal on servers. A much better situation.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
PORTLAND PLYMOUTH: SOUTHWEST 5 TO 7, INCREASING GALE 8 AT TIMES. ROUGH,
OCCASIONALLY VERY ROUGH IN PLYMOUTH. RAIN OR SHOWERS. MODERATE OR GOOD,
OCCASIONALLY POOR.
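
Added example, not part of the original message: a submission client that verifies the certificate against the server name the user configured, which is the check the message describes. The function names, the `ehlo_name` parameter, and the timeout are assumptions made for this illustration.

```python
import smtplib
import ssl


def submission_context() -> ssl.SSLContext:
    """TLS context for message submission: chain and name are both checked."""
    ctx = ssl.create_default_context()  # uses the system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context() already enables these two settings; they are
    # restated because they are exactly what the client relies on here.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def submit(host, port, user, password, msg, ehlo_name=None):
    """Send `msg` through the configured submission server, or raise.

    `host` is the name typed into the mail client. There is no MX lookup
    in between, so smtplib passes this same name to the TLS layer as the
    reference identity the certificate must match.
    """
    with smtplib.SMTP(host, port, local_hostname=ehlo_name, timeout=15) as smtp:
        smtp.ehlo()
        # Raises smtplib.SMTPNotSupportedError if STARTTLS is not offered and
        # ssl.SSLCertVerificationError for a self-signed or misnamed
        # certificate. Either way no credentials have been sent yet.
        smtp.starttls(context=submission_context())
        smtp.ehlo()  # re-read capabilities over the protected channel
        smtp.login(user, password)
        smtp.send_message(msg)


if __name__ == "__main__":
    ctx = submission_context()
    print("check_hostname:", ctx.check_hostname)
    print("verify_mode:", ctx.verify_mode.name)
```
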

