[Users] [Bug 2738] Erroneous rotation of SSL certificates
Kevin Chadwick
ma1l1ists at yahoo.co.uk
Fri Sep 28 14:05:32 CEST 2012
> Google represents a new scale of mail server. If I ran
> something that large, I might fly a few canaries too.
There is no difference between huge and huger. In order to comply with
the new greylisting RFCs, Google are going to have to move their
smtp farms behind fewer ips, track connections. Perhaps they
should do the same with their pop and imap services with the added
options of unifying certificates or implement changes much more
succinctly (all do-able). OTOH the certs are all kept in the certs
folder and could be re-used but as certificate revocation and OCSP is
completely insecure, perhaps a warning should simply be changed to
'accept? - note it has been previously accepted'.
p.s. Googles SSL is non standard and breaks servers, a much more
important and silent issue that is hard to troubleshoot by anyone but
them.
--
_______________________________________________________________________
'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'
(Doug McIlroy)
_______________________________________________________________________
More information about the Users
mailing list