SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

Viruthagiri Thirumavalavan giri at dombox.org
Sat Jan 12 11:42:56 UTC 2019


Hi Töma,

Those are valid points.

Thanks for the input.

On Sat, Jan 12, 2019 at 4:02 PM Töma Gavrichenkov <ximaera at gmail.com> wrote:

> 12 Jan. 2019, 8:44 Viruthagiri Thirumavalavan <giri at dombox.org>:
> > Pros of introducing Implicit TLS:
> > + Falls under Best Practices
> > + Seems like it's what the world wants.
>
> None of the above is really a technical argument within the standards process.
>
> The world wants emojis in domain names, so what?
>
> > + Sets an early date to deprecate Opportunistic TLS in the future.
>
> There's nothing bad in opportunistic TLS per se, and no reason to
> deprecate it. The real problem is the (absent) downgrade resistance: SMTP
> in cleartext is historically the default, and there's no tool to reliably
> advertise to *everyone* on the Internet that your particular SMTP server is
> not obsolete. Also, TOFU is similarly unreliable for that matter and too
> opaque for troubleshooting.
>
> None of the issues above are solved by adding yet another port to the
> already overblown e-mail port bundle.
>
> In fact, implicit TLS still has some advantages over the explicit version
> (e.g. 0-RTT) that you've missed, but they are of questionable profit for
> e-mail.
>
> --
> Töma
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
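
The downgrade-resistance gap and the TOFU weakness raised in the quoted reply above, as an added example that is not part of the original thread: an opportunistic sender that remembers which hosts have offered STARTTLS and flags a host that later stops offering it. The host names, EHLO replies, class and return labels are all constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured traffic).
WITH_TLS = ("250-mx.example.net Hello\r\n250-SIZE 10240000\r\n"
            "250-STARTTLS\r\n250 8BITMIME\r\n")
WITHOUT_TLS = ("250-mx.example.net Hello\r\n250-SIZE 10240000\r\n"
               "250 8BITMIME\r\n")


def ehlo_extensions(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        m = re.match(r"250[- ](\S+)", line)
        if m:
            exts.add(m.group(1).upper())
    return exts


class TofuSender:
    """Opportunistic sender with a trust-on-first-use memory (hypothetical)."""

    def __init__(self):
        self.seen_tls = set()   # hosts that have offered STARTTLS before

    def decide(self, host, ehlo_reply):
        if "STARTTLS" in ehlo_extensions(ehlo_reply):
            self.seen_tls.add(host)
            return "starttls"
        if host in self.seen_tls:
            # Host used to offer TLS and no longer does: hold the message
            # for review instead of silently sending in cleartext.
            return "defer-possible-downgrade"
        # No prior knowledge: a reply without STARTTLS looks exactly like
        # a legacy cleartext-only server, so the sender cannot tell.
        return "cleartext"


def run_scenarios():
    """Replay the constructed replies in order and collect the decisions."""
    s = TofuSender()
    return [
        s.decide("mx.example.net", WITHOUT_TLS),   # first contact, no pin yet
        s.decide("mx.example.net", WITH_TLS),      # TLS offered, host pinned
        s.decide("mx.example.net", WITHOUT_TLS),   # regression is now visible
        s.decide("old.example.org", WITHOUT_TLS),  # genuine legacy host
    ]


if __name__ == "__main__":
    print(run_scenarios())
```

The first and last decisions are identical, which is the point made in the quoted reply: without a way to advertise TLS support in advance, the sender's memory only helps after a clean first contact.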


More information about the NANOG mailing list