Ben wrote:

Lucky Green wrote:

...

I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security.

This is probably a stupid question, but... why would you want to do this?

To protect against MIM attacks on the encrypted tunnel between the trust domains represented by my friend's MTA and my MTA. --Lucky Green