On 1/27/11 8:41 AM, Paul Hoffman wrote:
On 1/27/11 8:12 AM, IETF Chair wrote:
Originally, two ports were assigned for plain and over-TLS, which for
HTTP mapped to two different URL schemes: http and https.
Many people thought that this was a waste of a port, and the STARTTLS
approach was developed. You say that it does not work in some cases,
and you seem to be suggesting that we go back to the original way.
Maybe it works in some cases and not others. Can we say which is which?
In a word: no. We have very little operational experience, and where we
do, it gives conflicting results. Some mail client developers say that
POP and IMAP STARTTLS works fine, some say that it is unreliable and so
they just use the alternate ports.
So I can say that having provided a large scale mail-service in a former
life that we made it work for our customers.
On the SMTP side on the virtually everyone has this working except those
people that use 465, because the service you're talking to on 587 is
fundamentaly the same one that's on 25.
joelja-mac:tmp joelja$ telnet nagasaki.bogus.com 25
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.4/8.14.4; Thu, 27 Jan 2011
250-nagasaki.bogus.com Hello adsl-99-173-15-226.dsl.pltn13.sbcglobal.net
[22.214.171.124], pleased to meet you
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
Note that Cullen's example for where it almost certainly would not work
is for non-stream UDP. Making UDP developers have to come up with a
stream-like capability to do a STARTTLS-style single port solution
defeats the purpose of using UDP. The benefit of "we saved another
port!" over "we forced someone to make UDP more like TCP!" seems like a
Ietf mailing list
Ietf mailing list