smtp.comcast.net self-signed certs

Tony Finch dot at dotat.at
Fri Jan 16 10:54:52 CST 2009


On Fri, 16 Jan 2009, Jeff Mitchell wrote:

> You're right; certificate verification was turned on on my end simply because
> I'd never had a reason to turn it off (since in recent times the majority of
> my mail goes through their gateway, which has never presented an invalid
> certificate to me before).

Message submission is very different to inter-domain SMTP. There's no MX
indirection, so the TLS certificate actually verifies the correct name,
and certificate verification is normal on the client, and correct
certificates are normal on servers. A much better situation.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
PORTLAND PLYMOUTH: SOUTHWEST 5 TO 7, INCREASING GALE 8 AT TIMES. ROUGH,
OCCASIONALLY VERY ROUGH IN PLYMOUTH. RAIN OR SHOWERS. MODERATE OR GOOD,
OCCASIONALLY POOR.




More information about the NANOG mailing list