[AusNOG] Issues receiving from TPG Mail servers.

Mal malz at jetlan.com
Mon Jul 23 20:54:58 EST 2018


On 23/07/2018 7:04 PM, James Hodgkinson wrote:
> I think we all need to step back a bit, let OP do what his auditor feels
> is right, then thank him on behalf of EFF’s StartTLSEverywhere
> project... [1]
> ;)
> 
> James
> 
> [1] https://starttls-everywhere.org
> 

Whilst I agree with the early comments that SMTP might not be the best
exchange mechanism here for the actual payment card information, this
could be a solution using a pair of MTAs configured with DANE TLSA
enforcement.

Using StartTLS with DNSSEC and DANE TLSA in place would likely have PCI
compliance, as you can guarantee the end-to-end hosts, and guarantee TLS
usage.  The participating MTAs would need to be configured for 'DANE
only' to ensure compliance.  Therefore, not part of any general email
infrastructure, as most domains lack DNSSEC signing in the first place,
let alone anything else.

Mal
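The 'DANE only' MTA configuration described above, as an added illustration that is not part of the original post: a Postfix main.cf fragment for one side of such a dedicated MTA pair, with the peer's domain (`partner.example`, a placeholder) pinned to `dane-only` via a per-destination policy map, so delivery is refused rather than downgraded when no DNSSEC-validated TLSA record matches the peer's certificate.

```ini
# /etc/postfix/main.cf (fragment)
#
# DANE needs DNSSEC-validated answers. Postfix does not validate itself;
# /etc/resolv.conf must point at a local validating resolver (e.g. unbound
# on 127.0.0.1) so the AD bit it reports can be trusted.
smtp_dns_support_level = dnssec
smtp_host_lookup = dns

# Default for everything else this host sends: opportunistic DANE, which
# falls back to unauthenticated TLS or plaintext when no TLSA record exists.
smtp_tls_security_level = dane

# Per-destination override: the dedicated peer is mandatory DANE.
# With dane-only the session is aborted (mail stays queued / bounces)
# if the TLSA lookup is not DNSSEC-signed, returns no usable record,
# or the presented certificate does not match it.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Show the negotiated TLS level and the TLSA match in the mail log,
# which is the evidence an auditor will want to see.
smtp_tls_loglevel = 1

# Inbound side: require TLS from the peer as well, and publish a
# "3 1 1" TLSA record for this host's own certificate under
# _25._tcp.<mx-hostname> in a DNSSEC-signed zone (not shown here).
smtpd_tls_security_level = encrypt
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
```

The referenced policy map (`/etc/postfix/tls_policy`, compiled with `postmap`) would contain the single line `partner.example dane-only`; anything sent to other domains still uses the opportunistic default.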
