From: Robert Simmons
To: "freebsd-questions@freebsd.org"
Date: Mon, 27 Jan 2014 02:40:50 -0500
Subject: Re: Sendmail Error at Boot
In-Reply-To: <52E60AA0.8080904@FreeBSD.org>
References: <52E5C7D3.8050703@bsdbox.co> <52E60AA0.8080904@FreeBSD.org>

On Mon, Jan 27, 2014 at 2:28 AM, Matthew Seaman wrote:
> On 27/01/2014 03:19, Robert Simmons wrote:
>> Why is this not part of the install?
>
> Sendmail in base doesn't come configured to use TLS by default, although
> the appropriate capabilities are compiled in to the binaries.
>
> I've no idea why enabling TLS isn't the default -- seems like a
> no-brainer in this day and age. It would require generating a key and
> (self-signed) cert on first startup after installation, much like the
> way SSH keys are generated, but so long as the problems with startup
> entropy availability have been satisfactorily sorted out (which I
> believe they have) I can't see any huge problem with that.

Thanks for the explanation. I agree with the no-brainer. Last week the
keynote at ShmooCon was Ian Goldberg, and one of the main points of his
talk was that nothing should ever be sent over a network in plaintext
from now on. And there should not be a choice of two protocol versions,
one encrypted and one plaintext, because a non-zero number of users will
choose plaintext.