15 Jan
2015
15 Jan
'15
6:10 p.m.
On Thu, Jan 15, 2015 at 05:56:21PM +0100, Michael Str?der wrote:
Many people do not consider e.g. client certs for authenticating the client to be necessary for establishing the encrypted channel. Also there's currently standard defining how the name check should be done for client certs. IMO client certs could be helpful to fight spam.
They can't be helpful for that. They can only be helpful for whitelists.
Nobody is going to set the evil bit on their own packets:
https://tools.ietf.org/html/rfc3514
despite the above RFC.
--
Viktor.