On Tue, 04 Feb 2003 09:05:17 EST, Daniel Senie said:
> This is, IMO, unworkable in the near term. While I support and promote the use of TLS with SMTP (and POP), requiring client certs is likely too cumbersome for users to manage at this stage. Using STARTTLS to transition clients to an encrypted connection works exceptionally well. The server does need a cert, but the users are identifying with a methodology they understand, usernames and passwords.
I've personally been advocating setting up Sendmail with a self-signed certificate and opportunistic STARTTLS. Yes, I know it's not immune to man-in-the-middle attacks - but it's *quite* sufficient to stop passive sniffing of userids/passwords/text. And it doesn't require much infrastructure.
> The question this raises is whether you're concerned about MTA to MTA communication, or MUA to MTA? I'd be happy to see certs in use for MTA-MTA (and indeed support this today on my systems when talking to other MTAs which are using STARTTLS). However, there are definitely reasons why this
One of my hosts (a fair-sized Listserv server) sent out some 278K connections to other sites yesterday. Of the 3,453 domains it talked to, 123 were willing to do STARTTLS, for a deployment rate of 3.5%. Unfortunately, working across connections, only 0.53% used it. If the 10 busiest sites we talked to deployed STARTTLS, it would jump to some 27% of the traffic.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
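The figures in the last message (sites willing to do STARTTLS versus connections that actually used it, and the "if the busiest sites deployed it" projection) are easy to reproduce from an MTA's own delivery log. The script below is an added example written for this page; it is not code from either poster or from sendmail. It assumes an invented one-line-per-delivery log format with a `relay=` host and a `tls=yes|no` field (real sendmail syslog output differs, so `parse_log()` would need adapting), groups deliveries by relay host rather than by registered domain, and the function names `advertises_starttls`, `parse_log`, `starttls_stats` and `projected_rate` are this example's own. The first function shows the client-side half of opportunistic STARTTLS: the client only issues `STARTTLS` when the EHLO reply advertises it (RFC 3207), which is exactly why a self-signed certificate stops passive sniffing but not an active interloper who can rewrite that reply.

```python
"""Added example: measuring opportunistic STARTTLS use from outbound MTA logs.

Log format below is CONSTRUCTED for this example (not real sendmail syslog).
"""
import re
from collections import defaultdict


def advertises_starttls(ehlo_reply: str) -> bool:
    """Return True if a (possibly multi-line) EHLO reply lists STARTTLS.

    RFC 3207: the server advertises support with an EHLO keyword line
    '250-STARTTLS' (or '250 STARTTLS' when it is the final line).  An
    opportunistic client upgrades only when it sees this keyword; without
    certificate verification it cannot tell a genuine omission from one
    introduced by an active man-in-the-middle, the limit the thread notes.
    """
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False


# Constructed sample of one day's outbound delivery records (invented format:
# relay host plus whether TLS was negotiated; the last line is a deferral
# with no relay at all, which the parser must skip).
SAMPLE_LOG = """\
Feb  4 09:00:01 lists mta[101]: relay=mx.example.net., tls=no
Feb  4 09:00:02 lists mta[102]: relay=mx.example.net., tls=no
Feb  4 09:00:03 lists mta[103]: relay=mx.example.net., tls=no
Feb  4 09:00:04 lists mta[104]: relay=mx.example.net., tls=no
Feb  4 09:00:05 lists mta[105]: relay=mx1.example.com., tls=yes
Feb  4 09:00:06 lists mta[106]: relay=mx1.example.com., tls=yes
Feb  4 09:00:07 lists mta[107]: relay=MX1.example.com., tls=yes
Feb  4 09:00:08 lists mta[108]: relay=mail.example.edu., tls=yes
Feb  4 09:00:09 lists mta[109]: relay=mail.example.edu., tls=no
Feb  4 09:00:10 lists mta[110]: relay=smtp.example.org., tls=no
Feb  4 09:00:11 lists mta[111]: deferred: connection timed out
"""

_LINE_RE = re.compile(r"relay=(?P<host>[^,\s]+),\s*tls=(?P<tls>yes|no)")


def parse_log(text: str):
    """Yield (relay_host, used_tls) per delivery; lines without a relay are skipped."""
    for line in text.splitlines():
        m = _LINE_RE.search(line)
        if not m:
            continue  # deferred/bounced lines carry no relay host
        host = m.group("host").rstrip(".").lower()  # normalise FQDN form and case
        yield host, m.group("tls") == "yes"


def starttls_stats(records):
    """Per-site and per-connection STARTTLS rates, as quoted in the message.

    A site counts as 'willing' if ANY connection to it negotiated TLS; the
    connection rate counts each delivery separately, which is why the two
    figures diverge when a few very busy sites lack STARTTLS.
    """
    per_site = defaultdict(lambda: [0, 0])  # host -> [connections, tls_connections]
    for host, used_tls in records:
        per_site[host][0] += 1
        per_site[host][1] += int(used_tls)
    conns = sum(c for c, _ in per_site.values())
    tls_conns = sum(t for _, t in per_site.values())
    willing = sum(1 for _, t in per_site.values() if t > 0)
    return {
        "sites": len(per_site),
        "sites_starttls": willing,
        "site_rate": willing / len(per_site) if per_site else 0.0,
        "connections": conns,
        "connections_starttls": tls_conns,
        "connection_rate": tls_conns / conns if conns else 0.0,
        "per_site": dict(per_site),
    }


def projected_rate(per_site, top_n):
    """Connection-level TLS rate if the top_n busiest sites all did STARTTLS.

    Models the counterfactual in the message: every connection to those
    sites becomes TLS; all other sites keep their observed counts.
    """
    ranked = sorted(per_site.items(), key=lambda kv: kv[1][0], reverse=True)
    busiest = {host for host, _ in ranked[:top_n]}
    total = sum(c for c, _ in per_site.values())
    tls = sum(c if host in busiest else t for host, (c, t) in per_site.items())
    return tls / total if total else 0.0


if __name__ == "__main__":
    stats = starttls_stats(parse_log(SAMPLE_LOG))
    print(f"sites doing STARTTLS: {stats['sites_starttls']}/{stats['sites']} "
          f"({stats['site_rate']:.1%})")
    print(f"connections using STARTTLS: {stats['connections_starttls']}/"
          f"{stats['connections']} ({stats['connection_rate']:.1%})")
    for n in (1, 3):
        print(f"if the {n} busiest site(s) deployed STARTTLS: "
              f"{projected_rate(stats['per_site'], n):.1%}")
```

On the constructed sample, half the sites are willing to do STARTTLS but only 40% of connections use it, because the single busiest site does not offer it; the projection function shows the jump once that site (or the top three) deploys. Run it against a real day's log to get the two numbers that matter for prioritising whom to nudge.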