smtp.comcast.net self-signed certs

Owen DeLong owen at delong.com
Fri Jan 16 17:27:48 UTC 2009


On Jan 16, 2009, at 8:54 AM, Tony Finch wrote:

> On Fri, 16 Jan 2009, Jeff Mitchell wrote:
>
>> You're right; certificate verification was turned on on my end simply
>> because I'd never had a reason to turn it off (since in recent times the
>> majority of my mail goes through their gateway, which has never presented
>> an invalid certificate to me before).
>
> Message submission is very different to inter-domain SMTP. There's no MX
> indirection, so the TLS certificate actually verifies the correct name,
> and certificate verification is normal on the client, and correct
> certificates are normal on servers. A much better situation.
>
> Tony.

Sure, but, in that case, it's also perfectly valid to load the self-signed
root certificate for that SMTP server's cert. chain into the trusted roots
set.

Owen
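
An added example, not part of the original message or the thread: a submission client that keeps certificate and hostname verification on and adds the server's self-signed root as a trust anchor, instead of switching verification off. The function names and the root file path passed by the caller are assumptions made for illustration.

```python
import smtplib
import ssl


def submission_context(extra_root_pem=None, system_roots=True):
    """Build a TLS context for message submission with verification left on.

    extra_root_pem: path to a PEM file holding the submission server's
    self-signed root (hypothetical path, supplied by the caller).
    system_roots=False trusts only that root, the tighter choice when the
    client only ever talks to one submission host.
    """
    if system_roots:
        ctx = ssl.create_default_context()
    else:
        # PROTOCOL_TLS_CLIENT starts with no trusted roots, but already has
        # CERT_REQUIRED and hostname checking enabled.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if extra_root_pem is not None:
        # Raises if the file is missing or not valid PEM, so a bad path
        # fails closed rather than silently weakening verification.
        ctx.load_verify_locations(cafile=extra_root_pem)
    elif not system_roots:
        raise ValueError("no trust anchors configured")
    return ctx


def open_submission(host, ctx, port=587, timeout=30):
    """Connect to the submission port and upgrade the session with STARTTLS.

    The certificate is checked against `host` itself: submission has no MX
    indirection, so the name the client dials is the name to verify.
    """
    client = smtplib.SMTP(host, port, timeout=timeout)
    try:
        client.starttls(context=ctx)
        client.ehlo()  # re-issue EHLO over the encrypted channel
    except Exception:
        client.close()
        raise
    return client
```
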





