[Apologies for duplicate e-mails] Dear Colleagues, After our successful implementation testing of Transport Layer Security (TLS) over the last few months, we will be implementing TLS on our external mail exchanges (MXs). We will upgrade our mail server software on 8 January 2007, followed by implementation of TLS on 10 January 2007. If you experience problems with mail delivery to the RIPE NCC after the implementation, please send a e-mail to ops@ripe.net. To do this, however, you might have to disable TLS on your MX server or send the email from a MX server that does not have TLS enabled. Regards, Brian Riddle IT Manager RIPE NCC
Hi, On Wed, Dec 20, 2006 at 10:39:58AM +0100, Brian Riddle wrote:
After our successful implementation testing of Transport Layer Security (TLS) over the last few months, we will be implementing TLS on our external mail exchanges (MXs).
We will upgrade our mail server software on 8 January 2007, followed by implementation of TLS on 10 January 2007.
Cool :) Did you experience any specific problems in your preparational tests, like "if mail comes from XYZ-MTA version 7.12, and the receipient MX announces TLS, it *will* fail, all the time"? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 98999 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234
Hi Gert, We did see a problem with "Communigate Pro" open SSL/TLS compatibility, simple fix upgrade to latest version/patch. Otherwise no problems. Regards, Brian. Gert Doering wrote:
Hi,
On Wed, Dec 20, 2006 at 10:39:58AM +0100, Brian Riddle wrote:
After our successful implementation testing of Transport Layer Security (TLS) over the last few months, we will be implementing TLS on our external mail exchanges (MXs).
We will upgrade our mail server software on 8 January 2007, followed by implementation of TLS on 10 January 2007.
Cool :)
Did you experience any specific problems in your preparational tests, like "if mail comes from XYZ-MTA version 7.12, and the receipient MX announces TLS, it *will* fail, all the time"?
Gert Doering -- NetMaster
-- Brian Riddle RIPE Network Coordination Center IT Manager Singel 258 Amsterdam NL http://www.ripe.net +31 20 535 4444
Hi, On Wed, Dec 20, 2006 at 11:42:07AM +0100, Brian Riddle wrote:
We did see a problem with "Communigate Pro" open SSL/TLS compatibility, simple fix upgrade to latest version/patch. Otherwise no problems.
That's very good news. Thanks! Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 98999 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234
Hi, | After our successful implementation testing of Transport Layer Security | (TLS) over the last few months, we will be implementing TLS on our | external mail exchanges (MXs). | | We will upgrade our mail server software on 8 January 2007, followed by | implementation of TLS on 10 January 2007. This is a nice step forward. Thanks. -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment -----------------------------------------------
Have you documented any more about the technicalities, such as which version.release(s) you support, level negotiation, what ciphersuites .... Tom Petch ----- Original Message ----- From: "Brian Riddle" <brian@ripe.net> To: <ncc-services-wg@ripe.net>; <db-wg@ripe.net> Sent: Wednesday, December 20, 2006 10:39 AM Subject: [ncc-services-wg] Implementing TLS/SSL on RIPE NCC external MX'es
[Apologies for duplicate e-mails]
Dear Colleagues,
After our successful implementation testing of Transport Layer Security (TLS) over the last few months, we will be implementing TLS on our external mail exchanges (MXs).
We will upgrade our mail server software on 8 January 2007, followed by implementation of TLS on 10 January 2007.
If you experience problems with mail delivery to the RIPE NCC after the implementation, please send a e-mail to ops@ripe.net. To do this, however, you might have to disable TLS on your MX server or send the email from a MX server that does not have TLS enabled.
Regards,
Brian Riddle IT Manager RIPE NCC
Hi Tom, We will support TLS-level negotiation as described in RFC3207. In our case any MTA with TLS support based on OpenSSL 0.9.6 - 0.9.8 should work without any problem. Regards, Brian. tp wrote:
Have you documented any more about the technicalities, such as which version.release(s) you support, level negotiation, what ciphersuites ....
Tom Petch
----- Original Message ----- From: "Brian Riddle" <brian@ripe.net> To: <ncc-services-wg@ripe.net>; <db-wg@ripe.net> Sent: Wednesday, December 20, 2006 10:39 AM Subject: [ncc-services-wg] Implementing TLS/SSL on RIPE NCC external MX'es
[Apologies for duplicate e-mails]
Dear Colleagues,
After our successful implementation testing of Transport Layer Security (TLS) over the last few months, we will be implementing TLS on our external mail exchanges (MXs).
We will upgrade our mail server software on 8 January 2007, followed by implementation of TLS on 10 January 2007.
If you experience problems with mail delivery to the RIPE NCC after the implementation, please send a e-mail to ops@ripe.net. To do this, however, you might have to disable TLS on your MX server or send the email from a MX server that does not have TLS enabled.
Regards,
Brian Riddle IT Manager RIPE NCC
-- Brian Riddle RIPE Network Coordination Center IT Manager Singel 258 Amsterdam NL http://www.ripe.net +31 20 535 4444
participants (4)
-
Brian Riddle -
Gert Doering -
Pim van Pelt -
tp