[Top] [All Lists]

RE: port number for smtp over ssl

2003-01-15 17:22:42

From: Dave Crocker [mailto:dhc(_at_)dcrocker(_dot_)net] 
Sent: Wednesday, January 15, 2003 2:25 PM

ned> The correct way to use TLS/SSL with SMTP is through the 
use of the 
ned> STARTTLS SMTP extension defined in RFC 3207.

1. common practise is common practise and we have registered 
a number of protocols over TLS on alternate ports, including 
IMAP and POP. So why not SMTP?  Given that it is already 
established practise, the concern over the supposed "damage" 
of "encouraging" its use does not apply.

2. There is a very basic difference between changing a 
protocol implementation, versus changing a port number 
configuration. As a matter of purity, I entirely agree that 
negotiation of a substrate mode is better done inline. I 
think that promiscuous consumption of multiple port numbers 
for the same application protocol is, at least, sloppy.
However there are some operational realities here and 
operationally, it is much easier to get ops folks to run an 
existing server on a new port than to run a revised server. 
Ops folks are typically conservative about making software 
upgrades. and they should be.

I seem to recall that port 465 used to be registered for SMTP over SSL
before RFC 3207, but that once the STARTTLS ID was moved to RFC status
the WG made a request to IANA to have that port deregistered.  The idea
was to emphasize that the proper way to provide a secure layer was
through STARTTLS.  I don't think we should back off that, regardless of
de facto usage.

-- jeff