Mailing List CGatePro@mail.stalker.com Message #101101
From: James Roman <james_roman@ssaihq.com>
Subject: Re: Re: Extended Validation certificates
Date: Wed, 10 Nov 2010 09:43:56 -0500
To: Communigate Pro Mailing List <CGatePro@mail.stalker.com>
On 01/-10/-28163 02:59 PM, Philip J. Koenig wrote:
James Roman<james_roman@ssaihq.com>  wrote:

I was asked today if there was any benefit to purchasing an extended
validation certificate for our mail server. I couldn't think of any good
reason to ever install an EV certificate on a corporate mail server. In my
mind, the visual confirmation aspect of SSL certificates is not really
necessary (or possible except via webmail) when communicating with mail
servers. Can anyone else think of a reason to spend the extra money.

The main point of a certificate signed by a well-known CA is that it
verifies that the host is really what it claims to be.

... snip ...

So there is not really any "technical" difference in the higher-
validation certs, the difference is that the CA has met a very high
standard of practice, how far the CA goes to verify the cert
requester is who they claim to be, and then some other unrelated
items like how much liability insurance coverage they provide to the
cert customer, customer-service, etc.

I agree with the bulk of the response, but I'd argue that the technical difference is in the process used to validate the certificate by the client, but it is not in the certificate itself. Currently only web browsers check that that the certificate is signed by an extended validation CA certificate. Mail clients currently do not recognize the difference between regular and EV certificates, that I'm aware of. Normally, only client (MUA) to server (MTA) protocols/interactions utilize SSL certificates, therefor, there is no benefit to using them at the moment on mail servers.
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster