Re: ESMTP extension (was: Re: Encrypted connection from mta to mta?)
Quoting Bernhard Rohrer <graylion@...>:
> This gave me an idea:
> what do people think about an ESMTP extension that enforces TLS?
> MTA1 ----------> MTA2 ---------> MTA3
>         TLS              TLS
> with the idea of having an X-header that basically says "do not
> forward if no TLS available"
> so MTA1 sends to MTA2 encrypted. MTA2 reads that header and says
> EHLO to MTA3. If MTA3 does not reply with TLS, MTA2 returns an NDR
> to MTA1 with "could not deliver, TLS not available". The big problem
> that I see is backward compatibility - one would need an ehlo flag
> that signifies this capability in order to enable MTA1 not to send
> to MTA2 if MTA2 was not able to recognize the header.

This does not add any benefit or security. There is no way for the
sender to see if the receiving MTA is lying and ditches the header or
does nothing with it at all. If you need secure/authenticated e-mail
have a look at S/MIME and PGP for example at