nanog mailing list archives
Re: Buying and selling root certificates
From: "Robert E. Seastrom" <rs () seastrom com>
Date: 28 Apr 2004 20:19:00 -0400
Sean Donelan <sean () donelan com> writes:
> I'm not that interested in SSL for web servers, but I have noticed a gradual increase in the number of mail servers willing to STARTTLS with mine. I was experimenting with trying to verify some of the certificates presented, it's not real security, but makes the logs cleaner.
Most of us who are willing to opportunistically do STARTTLS are using self-signed certificates anyway. We do this for many reasons; chief among the reasons I do so are:

1) More encrypted traffic running around the Internet is a _good thing_

2) Even if the contents of my email are PGP-encrypted, headers and transactions can still be passively monitored and collected. This is sufficient for drawing relationship graphs. Opportunistic TLS fixes this problem.

Note that "verifying the identity of the guy on the other end and thus eliminating man-in-the-middle attacks on my email" is not on the list.

STARTTLS-capable MTAs vary in their ability to follow certificate chains anyway...

---Rob