[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
- Subject: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
- From: bill at herrin.us (William Herrin)
- Date: Fri, 11 Jan 2019 17:41:12 -0800
- In-reply-to: <CAOEezJQ0mJYvKW=SdbbE4ZC2Vx6_9FD5Z0SpkF2840r580vZ5w@mail.gmail.com>
- References: <CAOEezJQ0mJYvKW=SdbbE4ZC2Vx6_9FD5Z0SpkF2840r580vZ5w@mail.gmail.com>
On Fri, Jan 11, 2019 at 4:22 PM Viruthagiri Thirumavalavan
<giri at dombox.org> wrote:
> What IETF Mailing list thinks? - "Implicit TLS doesn't offer any additional security than a downgrade protected STARTTLS. Let's not waste a port."
In addition, it bypasses all the security folks have built around the
idea of blocking port 25 traffic from sources which should not be
operating as mail servers. Let's not make the network less secure in
the name of making it more so.
> e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.
I'm not a fan over overloading semantic information in part of a
protocol where it doesn't belong, That's dug us in to a lot of deep
holes over the years. If you want to do this, seek a new DNS record
type or do like everybody else and create a TXT record to inform
internet peers of the availability of your new semantics for port 25.
Regards,
Bill Herrin
--
William Herrin ................ herrin at dirtside.com bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>