[Top] [All Lists]

Re: Last Call: SMTP Service Extension for Secure SMTP over TLS to Proposed Standard

2001-07-27 15:55:47

I agree that we shouldn't worry about being non-interoperable with
nonexistent implementations.  But I seriously question whether you
can determine that there aren't a significant number of such
implementations.  I expect there would be a delay between deployment
of such implementations and use of the STARTTLS feature, so the
"would not survive in the wild" argument is, for me, unpersuasive.

Surely *someone* would have heard of such an implementation if it
existed anywhere?

I've seen zero discussion of the extent of broken vs. conforming 
implementations in groups that are frequented by SMTP implementors.
All I've seen is your claim that most client implementations fail to 
follow the spec in sending TLS 1.0 Hello messages.  No offense,
but I don't think that's sufficient justification to change the spec.


<Prev in Thread] Current Thread [Next in Thread>