On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| Lucky Green wrote:
| >I also agree that current MTAs' implementations of STARTTLS are only a
| >first step. At least in postfix, the only MTA with which I am
| >sufficiently familiar to form an opinion, it appears impossible to
| >require that certs presented by trusted parties match a particular hash
| >while certs presented by untrusted MTAs can present any certificate they
| >desire to achieve EDH-level security.
|
| This is probably a stupid question, but... why would you want to do this?

So that your regular correspondents are authenticated, while anyone
else is opportunistically encrypted.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume
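
The policy discussed in this exchange, as an added example that is not part of the original message or of any MTA's code: pinned peers must present a certificate matching a stored hash, while everyone else is accepted with opportunistic encryption. It assumes outbound delivery (the hostname is the destination the sender chose), SHA-256 over the DER certificate as the hash, and a constructed pin table; classify_peer and PINS are hypothetical names.

```python
import hashlib
import hmac

# Constructed sample data: the hostname and "certificate" bytes are invented
# for this example and stand in for a real DER-encoded certificate.
FRIEND_CERT = b"constructed DER bytes standing in for a friend's certificate"

# Assumed pin table: destination hostname -> SHA-256 hex digest of the
# DER certificate that host is expected to present.
PINS = {"mail.friend.example": hashlib.sha256(FRIEND_CERT).hexdigest()}


def classify_peer(hostname, tls_active, peer_cert_der):
    """Return (accept, level) for a destination after STARTTLS negotiation.

    hostname      -- destination name chosen by the sending side
    tls_active    -- True if STARTTLS completed
    peer_cert_der -- certificate bytes the peer presented, or None
    """
    pin = PINS.get(hostname.lower().rstrip("."))

    if pin is None:
        # Untrusted peer: any certificate (or none) is acceptable. The
        # session is encrypted if TLS came up, but the peer is not
        # authenticated.
        return (True, "opportunistic" if tls_active else "cleartext")

    # Pinned peer: fail closed. Missing TLS or a missing certificate must
    # not fall back to the opportunistic path, or stripping STARTTLS would
    # bypass the pin.
    if not tls_active or peer_cert_der is None:
        return (False, "pinned-peer-no-tls")

    seen = hashlib.sha256(peer_cert_der).hexdigest()
    if hmac.compare_digest(seen, pin):
        return (True, "authenticated")
    return (False, "pin-mismatch")
```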