[Top] [All Lists]

Re: Last Call: SMTP Service Extension for Secure SMTP over TLS to Proposed Standard

2001-07-27 18:14:26

One very important thing to note is that clients on Microsoft's rather
popular OS family (as much as I loathe it personally) will *not* use TLS 1.0
at all, by default.

then they shouldn't claim to conform to the SMTP STARTTLS RFC, and 
they shouldn't try to negotiate STARTTLS with a server.
if they can call Microsoft's library with non-default settings that
cause the library to use TLS, fine.  if not, they can supply their
own library - because the Microsoft one doesn't allow them to conform
to the standards.

we didn't write a specification for SMTP over TLS so that people could
pretend to support it and actually support something weaker.  there 
are reasons that TLS was approved for standards track and SSLv3 wasn't.


<Prev in Thread] Current Thread [Next in Thread>