Date: Mon, 27 Jan 2014 02:40:50 -0500
From: Robert Simmons <rsimmons0@gmail.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Sendmail Error at Boot
Message-ID: <CA%2BQLa9B2XyzoD=Z0bFKxqtL65iHeudLCLqoBipWNdjncXfU9og@mail.gmail.com>
In-Reply-To: <52E60AA0.8080904@FreeBSD.org>
References: <CA%2BQLa9Dsy=%2B4KQ%2B8MQTS4iHh9r=fN_shNPD5Fngw4ww1xO%2Bi6w@mail.gmail.com> <52E5C7D3.8050703@bsdbox.co> <CA%2BQLa9Dd_BFVJ0V37gLyDuhf4z98%2BGVQt71B3bp6y19qW6uP4A@mail.gmail.com> <52E60AA0.8080904@FreeBSD.org>

On Mon, Jan 27, 2014 at 2:28 AM, Matthew Seaman <matthew@freebsd.org> wrote:
> On 27/01/2014 03:19, Robert Simmons wrote:
>> Why is this not part of the install?
>
> Sendmail in base doesn't come configured to use TLS by default, although
> the appropriate capabilities are compiled in to the binaries.
>
> I've no idea why enabling TLS isn't the default -- seems like a
> no-brainer in this day and age. It would require generating a key and
> (self-signed) cert on first startup after installation, much like the
> way SSH keys are generated, but so long as the problems with startup
> entropy availability have been satisfactorily sorted out (which I
> believe they have) I can't see any huge problem with that.

Thanks for the explanation. I agree with the no-brainer. Last week the
keynote at ShmooCon was Ian Goldberg, and one of the main points of his
talk was that nothing should ever be sent over a network in plaintext
from now on. And there should not be a choice of two protocol versions,
one encrypted and one plaintext, because a non-zero number of users will
choose plaintext.