self-signed certs

Owen DeLong owen at
Fri Jan 16 17:27:48 UTC 2009

On Jan 16, 2009, at 8:54 AM, Tony Finch wrote:

> On Fri, 16 Jan 2009, Jeff Mitchell wrote:
>> You're right; certificate verification was turned on on my end simply because
>> I'd never had a reason to turn it off (since in recent times the majority of
>> my mail goes through their gateway, which has never presented an invalid
>> certificate to me before).
>
> Message submission is very different to inter-domain SMTP. There's no MX
> indirection, so the TLS certificate actually verifies the correct name,
> and certificate verification is normal on the client, and correct
> certificates are normal on servers. A much better situation.
>
> Tony.

Sure, but, in that case, it's also perfectly valid to load the self- 
root certificate for that SMTP server's cert. chain into the trusted  


More information about the NANOG mailing list