Do we need to exchange the certificates for secure Mails?

We have implemented a TLS Certificate (by Symantec) with our Mail
Servers. Now how can I make sure that the Mail Servers of a few other
organizations that use TLS (by CA) and my Mail Servers always
communicate securely using the Certificate?

Do we need to exchange the certificates?


sharfuddin


Sharfuddin,

> Do we need to exchange the certificates?

No.


Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)


On 13/01/2014 07:24, sharfuddin wrote:

> We have implemented a TLS Certificate (by Symantec) with our Mail
> Servers. Now how can I make sure that the Mail Servers of a few other
> organizations that use TLS (by CA) and my Mail Servers always
> communicate securely using the Certificate?
>
> Do we need to exchange the certificates?

No, but be aware the easiest MITM attack is to just mask the initial
STARTTLS capability in the EHLO response; opportunistic TLS will then
not bother to start an encrypted session, and send the whole thing in
plaintext. This of course requires MITM interception of the session
though, rather than passive data monitoring.

Few if any email servers enforce TLS, and some (like GWIA, last I
looked) don’t even check the certificate…
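
An added example, not part of the thread and not code from any product named in it: a Python sketch of the sender-side difference between opportunistic and enforced TLS that the last reply describes. The EHLO replies and the host name are constructed, and `ehlo_extensions`, `delivery_mode` and `open_enforced` are hypothetical helper names.

```python
import smtplib
import ssl

# Constructed EHLO replies (RFC 5321 multiline form), not captured traffic.
EHLO_FULL = b"250-mx.example.org\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME"
# The same reply as the sender would see it with the STARTTLS line masked out.
EHLO_STRIPPED = b"250-mx.example.org\r\n250-SIZE 52428800\r\n250 8BITMIME"


def ehlo_extensions(reply: bytes) -> set:
    """Return the upper-cased extension keywords from a raw EHLO reply."""
    exts = set()
    lines = reply.decode("ascii", "replace").splitlines()
    for line in lines[1:]:  # the first line carries the server's domain
        words = line[4:].split() if line[:3] == "250" else []
        if words:
            exts.add(words[0].upper())
    return exts


def delivery_mode(reply: bytes, require_tls: bool) -> str:
    """Decide what a sender does with this EHLO reply.

    Opportunistic (require_tls=False): silently falls back to plaintext.
    Enforced (require_tls=True): refuses, so a masked STARTTLS becomes a
    visible delivery failure instead of an unencrypted message.
    """
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"


def open_enforced(host: str, port: int = 25) -> smtplib.SMTP:
    """Connect, insist on STARTTLS, and verify the certificate and host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname on
    conn = smtplib.SMTP(host, port, timeout=30)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.close()
        raise smtplib.SMTPNotSupportedError("STARTTLS not offered; refusing plaintext")
    conn.starttls(context=ctx)  # raises ssl.SSLCertVerificationError on a bad cert
    conn.ehlo()                 # re-issue EHLO inside the encrypted session
    return conn


if __name__ == "__main__":
    for name, reply in (("full", EHLO_FULL), ("stripped", EHLO_STRIPPED)):
        print(name, delivery_mode(reply, False), delivery_mode(reply, True))
```

Certificate verification in `open_enforced` relies on the peer's certificate chaining to a CA in the local trust store, which is why no certificates need to be exchanged between the organizations.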