The SMTP clients and servers exchange that information during the EHLO session of the SMTP transaction. Why do you need to advertise that via DNS?
There is a downgrade attack. The parties do not know that the other accepts TLS. This means that an active man-in-the-middle attack could be used to prevent the session upgrading to TLS.

Of course, if you do not have DNSSEC the same argument could be made against DNS.
Leaving all of this aside, how will the use of TLS with SMTP help resolve the spam problem?
It is just another authentication mechanism, very similar to CallerID/SPF in the features offered. But it does have a much higher barrier to entry: for the authentication to be useful you need trustworthy third parties.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
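The downgrade described in the message above (an active attacker removing the STARTTLS advertisement from the EHLO reply, and a DNS-published expectation letting the client notice) can be simulated in a few lines. This is an added example, not code from the original post or from any SMTP implementation: the EHLO replies, the "MITM" filter and the `DNS_TLS_POLICY` table are all constructed for the demonstration, and the policy table is a hypothetical stand-in for whatever DNS advertisement the thread contemplates, not any real record format.

```python
"""Simulation of the STARTTLS downgrade and a DNS-advertised TLS expectation.

Everything here is constructed for illustration. DNS_TLS_POLICY is a
hypothetical stand-in for "TLS support advertised via DNS"; it is not a
real DNS record type.
"""

# Constructed EHLO reply from a server that supports STARTTLS (RFC 5321
# multi-line reply: "250-" continuation lines, "250 " final line).
SERVER_EHLO_WITH_TLS = [
    "250-mail.example.test Hello client.example.test",
    "250-SIZE 10485760",
    "250-STARTTLS",
    "250 HELP",
]

# Hypothetical policy table standing in for information published in DNS:
# for each receiving domain, whether the sending MTA should insist on TLS.
DNS_TLS_POLICY = {
    "example.test": {"require_tls": True},   # advertised: we do TLS
    "legacy.test": {"require_tls": False},   # nothing advertised
}


def parse_ehlo_extensions(lines):
    """Return the set of extension keywords from a multi-line EHLO reply."""
    exts = set()
    for line in lines[1:]:  # the first line is the server greeting
        if len(line) < 4 or line[:3] != "250":
            raise ValueError("unexpected EHLO reply line: %r" % line)
        rest = line[4:].split()
        if rest:
            exts.add(rest[0].upper())
    return exts


def strip_starttls(lines):
    """Produce the reply a client would see after an active attacker has
    removed the STARTTLS line; used only to generate the downgraded input
    that decide() must detect."""
    return [l for l in lines if l[4:].split()[:1] != ["STARTTLS"]]


def decide(domain, ehlo_lines, policy=DNS_TLS_POLICY):
    """Client decision given the EHLO reply it actually received.

    Returns:
      'tls'   - STARTTLS advertised, proceed to upgrade the session
      'plain' - not advertised and nothing in DNS says to expect it
      'abort' - DNS says TLS is expected but STARTTLS was not advertised:
                a possible downgrade, so refuse to send in the clear
    """
    exts = parse_ehlo_extensions(ehlo_lines)
    if "STARTTLS" in exts:
        return "tls"
    if policy.get(domain, {}).get("require_tls", False):
        return "abort"
    return "plain"


if __name__ == "__main__":
    downgraded = strip_starttls(SERVER_EHLO_WITH_TLS)
    print("honest reply   :", decide("example.test", SERVER_EHLO_WITH_TLS))
    print("stripped reply :", decide("example.test", downgraded))
    print("no DNS policy  :", decide("legacy.test", downgraded))
```

The second point in the message shows up as soon as the policy table itself is untrusted: if an attacker can answer the DNS query with `require_tls: False` (which is what happens without DNSSEC validation), `decide()` returns `'plain'` for the stripped reply and the downgrade goes unnoticed, so the DNS advertisement only helps when the answer is authenticated.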