ietf-asrg

Re: [Asrg] 6. Proposals - AMTP (rev 01) - MPC

2003-10-02 14:50:36
At 10:46 PM +0200 2003/10/02, Markus Stumpf wrote:

 RFC 3207 - SMTP Service Extension for Secure SMTP over Transport Layer
 Security - describes STARTTLS that can be used for TLS connections.

TLSSMTP can really screw things up. I keep getting these bounces from a person on Declan McCullagh's Politech mailing list:

From: Mail Delivery Subsystem <MAILER-DAEMON(_at_)smtp-4(_dot_)his(_dot_)com>
To: <brad(_dot_)knowles(_at_)skynet(_dot_)be>
Subject: Returned mail: see transcript for details

The original message was received at Thu, 25 Sep 2003 15:55:23 -0400 (EDT)
from vhost109.his.com [216.194.225.101]

   ----- The following addresses had permanent fatal errors -----
<george(_at_)ellenburg(_dot_)org>
    (reason: 403 4.7.0 TLS handshake failed.)

   ----- Transcript of session follows -----
<george(_at_)ellenburg(_dot_)org>... Deferred: 403 4.7.0 TLS handshake failed.
Message could not be delivered for 5 days
Message will be deleted from queue

Reporting-MTA: dns; smtp-4.his.com
Arrival-Date: Thu, 25 Sep 2003 15:55:23 -0400 (EDT)

Final-Recipient: RFC822; george(_at_)ellenburg(_dot_)org
Action: failed
Status: 4.4.7
Diagnostic-Code: SMTP; 403 4.7.0 TLS handshake failed.
Last-Attempt-Date: Wed, 1 Oct 2003 02:19:25 -0400 (EDT)


The problem is that if TLSSMTP is advertised, the systems try to use that instead and ignore anything else. If there is a failure, they don't fall back to unencrypted channels. This may be what you want in situations requiring encryption, but you shouldn't be forced down this path in the case of opportunistic encryption.

You need to be careful to avoid creating the same kind of trap in other circumstances.

--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
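
The failure mode described in the message above (STARTTLS advertised, handshake fails, no fallback), as an added example that is not part of the original post: a Python delivery routine that treats an advertised STARTTLS as opportunistic and retries in the clear on a fresh connection, unless `require_tls` is set. The names `deliver`, `send_plain`, `TLSRequired`, the `connect` factory and the `BrokenTLSServer` stand-in are hypothetical and constructed for illustration.

```python
import smtplib
import ssl

class TLSRequired(Exception):
    """Policy demands TLS and it could not be negotiated."""

def send_plain(connect, sender, rcpt, msg):
    conn = connect()   # fresh session: never reuse one after a failed handshake
    conn.ehlo()
    conn.sendmail(sender, rcpt, msg)
    conn.quit()

def deliver(connect, sender, rcpt, msg, require_tls=False):
    """Return 'tls', 'plaintext' or 'plaintext-fallback'.

    connect: zero-argument callable returning an smtplib.SMTP-like object
    (assumed injection point so the example runs offline).
    """
    conn = connect()
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.close()
        if require_tls:
            raise TLSRequired("peer does not offer STARTTLS")
        send_plain(connect, sender, rcpt, msg)
        return "plaintext"
    try:
        conn.starttls(context=ssl.create_default_context())
    except (ssl.SSLError, smtplib.SMTPException) as exc:
        conn.close()
        if require_tls:  # mandatory mode: fail rather than downgrade
            raise TLSRequired(f"TLS handshake failed: {exc}") from exc
        # Opportunistic mode: the advertisement is an offer, not a mandate.
        send_plain(connect, sender, rcpt, msg)
        return "plaintext-fallback"
    conn.ehlo()          # RFC 3207: re-issue EHLO after the handshake
    conn.sendmail(sender, rcpt, msg)
    conn.quit()
    return "tls"

class BrokenTLSServer:
    """Constructed peer: advertises STARTTLS, then fails every handshake."""
    sent = []
    def ehlo(self): return (250, b"ok")
    def has_extn(self, name): return name == "starttls"
    def starttls(self, context=None): raise ssl.SSLError("handshake failed")
    def sendmail(self, s, r, m): BrokenTLSServer.sent.append((s, r)); return {}
    def quit(self): pass
    def close(self): pass
```

Logging the returned mode lets an operator see how often delivery downgraded to plaintext, since a spike in `plaintext-fallback` toward one peer is worth investigating.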