SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

• Previous message (by thread): SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
• Next message (by thread): SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Seth,

My solution is intended for clients. A client should decide whether to
transmit mails in clear text or not.

In other words, the server can accept mails in clear text. The prefix
informs the client, that the server supports TLS.

A client that knows what "starttls-" prefix stands for, would come to know
downgrade attacks if the STARTTLS command not found in EHLO response.

If I force the server to accept only TLS, then that's not backward
compatible.

Thanks

On Sat, Jan 12, 2019 at 9:24 PM Seth Mattinen <sethm at rollernet.us> wrote:

> On 1/11/19 9:38 AM, Viruthagiri Thirumavalavan wrote:
> > Hello NANOG, Belated new year wishes.
> >
> > I would like to gather some feedback from you all.
> >
> > I'm trying to propose two things to the Internet Standard and it's
> > related to SMTP.
> >
> > (1) STARTTLS downgrade protection in a dead simple way
> >
> > (2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.
>
>
> Why would anyone need this when you can just set an option in most (all
> modern?) SMTP servers to refuse clear connections if you want to force
> TLS at all times?
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190112/74a5c509/attachment.html>

• Previous message (by thread): SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
• Next message (by thread): SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]