
Re: [ietf-smtp] MTA-MTA SMTP and TLS-on-connect

2020-04-26 17:55:04
> In article <8d3d7446-db7d-ac04-2a36-258643254630(_at_)wizmail(_dot_)org> you write:
>> Hi,
>>
>> Noting that https://tools.ietf.org/html/draft-sheffer-uta-rfc7525bis-00
>> section 3.2 says that TLS-on-connect SHOULD be preferred over STARTTLS
>> (my rephrasing) - and that while T-o-c is reasonably common for MSA-MTA
>> but not for MTA-MTA -
>>
>> should we think about technical means to facilitate the latter?
>
> Turns out the STARTTLS language was in RFC 7525 and we missed it.
>
> If this draft goes anywhere, I think we should tell them to fix it and
> say that STARTTLS and TLS-on-connect are equivalent if the path with
> STARTTLS requires its use, which I think reflects reality.

Agreed. The converse should also be mentioned: There's no advantage to
TLS-on-connect if failure means falling back to an unencrypted port.

All of which is a roundabout way of saying there's actually no security
justification for TLS-on-connect for SMTP, RFC 7525 notwithstanding.

                                Ned

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
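The equivalence argued in the thread only holds when a STARTTLS client fails closed: if the peer does not offer STARTTLS, the session is abandoned rather than continued in cleartext. The following Python client shows that policy; it is an added example, not code from the thread or any participant, and the loopback server and hostnames are constructed stand-ins for a peer that does not advertise STARTTLS.

```python
import smtplib
import socketserver
import threading


class PlainOnlySMTPHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for a peer whose EHLO reply lacks STARTTLS
    (an MTA without TLS, or a path where the capability was removed)."""

    def handle(self):
        self.wfile.write(b"220 mx.example.test ESMTP (constructed test server)\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            parts = line.split()
            verb = parts[0].upper() if parts else b""
            if verb in (b"EHLO", b"HELO"):
                # Capability list deliberately without a STARTTLS line.
                self.wfile.write(b"250-mx.example.test\r\n250 SIZE 10240000\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"502 command not implemented\r\n")


def start_plain_only_server():
    """Start the constructed server on an ephemeral loopback port."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), PlainOnlySMTPHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def open_tls_required(host, port, timeout=5):
    """Connect on the STARTTLS port and return True only once the channel is
    encrypted. If STARTTLS is not advertised, fail closed and return False
    instead of delivering in cleartext; this is what "requires its use" means."""
    with smtplib.SMTP(host, port, local_hostname="client.example.test",
                      timeout=timeout) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return False  # no downgrade to plaintext on this path
        s.starttls()
        s.ehlo()  # capabilities must be re-read over the encrypted channel
        return True


if __name__ == "__main__":
    srv, port = start_plain_only_server()
    print("encrypted:", open_tls_required("127.0.0.1", port))  # False
    srv.shutdown()
```

The converse in the thread follows from the same check: a TLS-on-connect client that retries on the cleartext port after a failure has removed exactly this refusal, and ends up no stronger than opportunistic STARTTLS.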