On 2023-03-12 07:21:55 +0100, to...@tuxteam.de wrote: > On Sat, Mar 11, 2023 at 11:43:35PM +0100, Vincent Lefevre wrote: > > But what's the point of a certificate in this particular case > > (the server bendel.debian.org does not need to authenticate > > the client)? > > It is just part of the TLS protocol. You might configure your mail > server to present a certificate to its peers. The usual TLS stuff, > just wrapping SMTP.
Yes, but here, that's optional. So I'm wondering whether you really miss anything. Note also that a client certificate may be sent only if it is requested by the server, and if client certificates are requested, then there are issues with some clients: http://www.postfix.org/TLS_README.html#server_vrfy_client -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
