NHS email encryption
Ian G Batten
ukcrypto at chiark.greenend.org.uk
Tue, 28 Aug 2007 09:30:55 +0100
On 26 Aug 2007, at 22:16, Ian Mason wrote:
>
> It appears to accept STARTTLS correctly from my mailserver, vis:
I've had this in my mail.access file (I'm a sendmail shop):
Try_TLS:smtp.nhs.net NO
since the year dot. I don't think it's totally unreasonable to
refuse opportunistic encryption from people using self-signed
certificates: to the eyes of the uninitiated SSL in that situation
appears to offer authentication when in fact it only offers some
measure of confidentiality.
My memory is that it wouldn't accept my signed-by-a-self-signed-CA
certificates, unlike IanM's experience, but it was a long time ago
that I bumped into this problem.
ian