SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

Viruthagiri Thirumavalavan giri at dombox.org
Sat Jan 12 01:50:21 UTC 2019


>
> In addition, it bypasses all the security folks have built around the
> idea of blocking port 25 traffic from sources which should not be
> operating as mail servers. Let's not make the network less secure in
> the name of making it more so.


I already addressed this issue in the "security considerations" section.

"Port 26 will be a secure alternative for Port 25. So Internet Service
Providers are advised to take precautions to prevent email spam abuse. They
are advised to block port 26, if necessary."

> I'm not a fan of overloading semantic information in part of a
> protocol where it doesn't belong. That's dug us into a lot of deep
> holes over the years. If you want to do this, seek a new DNS record
> type or do like everybody else and create a TXT record to inform
> internet peers of the availability of your new semantics for port 25.


Yes, this suggestion came up in our discussions.

On Sat, Jan 12, 2019 at 7:11 AM William Herrin <bill at herrin.us> wrote:

> On Fri, Jan 11, 2019 at 4:22 PM Viruthagiri Thirumavalavan
> <giri at dombox.org> wrote:
> > What IETF Mailing list thinks? - "Implicit TLS doesn't offer any
> > additional security than a downgrade protected STARTTLS. Let's not waste a
> > port."
>
> In addition, it bypasses all the security folks have built around the
> idea of blocking port 25 traffic from sources which should not be
> operating as mail servers. Let's not make the network less secure in
> the name of making it more so.
>
> > e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.
>
> I'm not a fan of overloading semantic information in part of a
> protocol where it doesn't belong. That's dug us into a lot of deep
> holes over the years. If you want to do this, seek a new DNS record
> type or do like everybody else and create a TXT record to inform
> internet peers of the availability of your new semantics for port 25.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin ................ herrin at dirtside.com  bill at herrin.us
> Dirtside Systems ......... Web: <http://www.dirtside.com/>
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.