SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

Töma Gavrichenkov ximaera at gmail.com
Sat Jan 12 10:32:10 UTC 2019


12 Jan. 2019, 8:44 Viruthagiri Thirumavalavan <giri at dombox.org>:
> Pros of introducing Implicit TLS:
> + Falls under Best Practices
> + Seems like it's what the world wants.

None of the above is really a technical argument within the standards process.

The world wants emojis in domain names, so what?

> + Sets an early date to deprecate Opportunistic TLS in the future.

There's nothing bad in opportunistic TLS per se, and no reason to deprecate
it. The real problem is the (absent) downgrade resistance: SMTP in
cleartext is historically the default, and there's no tool to reliably
advertise to *everyone* on the Internet that your particular SMTP server is
not obsolete. Also, TOFU is similarly unreliable for that matter and too
opaque for troubleshooting.

None of the issues above are solved by adding yet another port to the
already overblown e-mail port bundle.

In fact, implicit TLS still has some advantages over the explicit version
(e.g. 0-RTT) that you've missed, but they are of questionable profit for
e-mail.

--
Töma
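The downgrade problem the post describes (cleartext is the default, STARTTLS is only a capability the server advertises in its EHLO reply, and a client with no prior knowledge cannot tell a stripped capability from a server that never had it) can be modelled without touching the network. The following is an added example, not code from the post or from any MTA; the EHLO reply, the domain names and the `known_tls_senders` policy table are all constructed for illustration.

```python
"""Model of the RFC 3207 STARTTLS exchange and the downgrade it cannot resist.

Constructed example: no real server is contacted. The EHLO reply below is a
hand-written stand-in for what an MTA returns after the client's EHLO.
"""
import re

# Constructed multi-line EHLO reply (RFC 5321 section 4.1.1.1 format):
# "250-" continues the reply, "250 " (space) ends it. STARTTLS is advertised
# only as one keyword among others, exactly like SIZE or 8BITMIME.
EHLO_WITH_STARTTLS = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)


def parse_ehlo(reply):
    """Return the capability keywords from a multi-line EHLO reply.

    The first line carries the server's domain and greeting, not a keyword,
    so it is skipped. Keywords are case-insensitive; they are upper-cased here.
    """
    caps = []
    for index, line in enumerate(reply.splitlines()):
        match = re.match(r"^250([ -])(.*)$", line)
        if not match:
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if index > 0:
            caps.append(match.group(2).split()[0].upper())
    return caps


def strip_starttls(reply):
    """What an on-path attacker does: remove the STARTTLS keyword.

    The reply stays syntactically valid, so the client sees a server that
    simply does not offer TLS. The last remaining line is re-terminated with
    "250 " so the reply still ends correctly.
    """
    lines = [l for l in reply.splitlines() if "STARTTLS" not in l.upper()]
    lines[-1] = "250 " + lines[-1][4:]
    return "\r\n".join(lines) + "\r\n"


# Constructed policy table standing in for out-of-band knowledge (a pin,
# a TOFU record, or any other mechanism): domains the client *knows* offer TLS.
known_tls_senders = {"mx.example.net"}


def decide(reply, server_domain, policy="opportunistic"):
    """Decide what the client does after reading the EHLO reply.

    Returns "tls" if STARTTLS is advertised, "cleartext" if the client is
    opportunistic and has no reason to expect TLS, and "refuse" if the client
    requires TLS (either by explicit policy or because the server is in the
    known_tls_senders table) but the keyword is absent.
    """
    caps = parse_ehlo(reply)
    if "STARTTLS" in caps:
        return "tls"
    if policy == "require" or server_domain in known_tls_senders:
        return "refuse"
    return "cleartext"


if __name__ == "__main__":
    downgraded = strip_starttls(EHLO_WITH_STARTTLS)
    print("intact reply   :", decide(EHLO_WITH_STARTTLS, "mx.example.net"))
    print("stripped, unknown server:", decide(downgraded, "mx.other.example"))
    print("stripped, known server  :", decide(downgraded, "mx.example.net"))
```

The point the model makes: the only thing that turns the stripped case from "cleartext" into "refuse" is knowledge the client already had before connecting (the `known_tls_senders` entry or a `require` policy). Nothing in the exchange itself lets the server tell an arbitrary client that it is not obsolete, which is why adding another port does not change the outcome for a client that still starts on port 25.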