ietf-smtp

Re: port number for smtp over ssl

2003-01-16 16:49:10


Registering SMTPS again would only provide short-term relief 
(providers would soon block it as well) at the cost of creating 
standards confusion.

Exactly right. SMTPS really is a solution to a very different 
problem, one that cannot be leveraged as a solution to the problem 
you describe except in, as you say, the short term.

Actually, I think this might argue *in favor* of registering 465. 
Right now, 465 is used for unauthenticated encrypted submission. We 
don't want people using unauthenticated encrypted submission; we want 
them using authenticated submission, either on port 25 or on port 
587. As a matter of fact, open 465 ports mean that, for example, 
spammers will have a new way to get through firewalls and spam. (And 
I would not be at all shocked if there were installed SMTP 
implementations with SSL-SMTP listening on port 465 without their ops 
knowing about it.) Maybe 465 should be registered to, in effect, 
encourage people to make sure it is turned off.


the problem is that port registration conveys so little information, 
and it invites people to make incorrect inferences.

maybe what we need is an RFC titled

"use of TLS or SSL with separate ports considered harmful"

or

"use of port 465 with SMTP and SSL considered harmful"

Keith
