ietf-smtp

Re: RFC 2487 [5]: Suggest dropping of

2005-09-01 00:35:42

willemien(_at_)amidatrust(_dot_)com wrote:
You are 3 years too late

See
RFC 3207
SMTP Service Extension for Secure SMTP over Transport Layer Security
(February 2002)

no answer to the addressed valid starttls forbid.


<original message>
hi there,

I can't find the appropriate WG list to discuss this,
so I posted it here.

item:

RFC 2487                 SMTP Service Extension             January 1999



5. The STARTTLS Command


A publicly-referenced SMTP server MUST NOT require use of the
STARTTLS extension in order to deliver mail locally. This rule
prevents the STARTTLS extension from damaging the interoperability of
the Internet's SMTP infrastructure. A publicly-referenced SMTP server
is an SMTP server which runs on port 25 of an Internet host listed in
the MX record (or A record if an MX record is not present) for the
domain name on the right hand side of an Internet mail address.

suggestion:

1. will be dropped
2. standards will be extended with requirement to present valid
approved-CA-signed certificates at using tls with mailservers
3. standards will be extended to require connection with xsmtps first
with fallback to normal smtp or implement a fallforward to xsmtps if a
server/client requires it..

reasons:

- no more state of the art and technology (1999), nearly all products
support tls
- ongoing criminal phishing activity over smtp
- strong and free certificates for everyone available at CACert inc., etc.
- ongoing ucbe activity, spammers could be caught and charged more
easily with their certificates as evidence, same to phishers.
- the current state breaks xsmtps networking since there's no method to
notify clients to reattempt with xsmtps.
- expected more system resources needed for this are more economical
than current damage from ucbe and phishing
- S/MIME is spreading too slow and unergonomical, risky and too high
effort for simple end users.
- see https, better let's do it on transport layer
- most end users and their certificate trust/intent is controlled mainly
by a well known u.s. software company charging horrendous and unreasonable
fees to distribute so even approved CA Certificates can't be easily
mass-provided.
- several local country signature law issues
- information freedom and privacy

... RFC...

y
tom

-- 
----------------------------------------
Electronic signature is legally valid under
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 13 December 1999 on a Community framework
for electronic signatures,
Article 5(2) in conjunction with §23 SigG "foreign products".
Root certificate is available from http://www.thawte.com , http://www.cacert.org
and subkeys.pgp.net.

Digital Signature is lawful by
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 13 December 1999
on a Community framework for electronic signatures
Code 5 Part 2.
Root Certificate is available from http://www.thawte.com ,
http://www.cacert.org and subkeys.pgp.net.
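The disagreement in this thread is really about a client's decision rule: RFC 2487/3207 opportunistic STARTTLS (use TLS when the EHLO reply offers it, otherwise fall back to cleartext so delivery still works) versus the proposed mandatory mode (refuse delivery unless STARTTLS is offered and the server's certificate validates against a trusted CA). The following is an added example, not code from the thread or from any MTA; the EHLO replies and hostnames are constructed, and `decide` is a hypothetical helper that only models the policy choice, not a full SMTP session.

```python
"""Opportunistic (RFC 3207) vs. mandatory STARTTLS: the client-side decision."""
import ssl
from dataclasses import dataclass

# Constructed EHLO replies (not captured from a real server).
EHLO_WITH_STARTTLS = (
    "250-mx.example.test Hello client\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = "250-mx.example.test Hello client\r\n250 8BITMIME\r\n"


def ehlo_keywords(reply: str) -> set:
    """Extract the extension keywords from a multi-line 250 EHLO reply.
    The first line carries the server's domain, the rest are keywords."""
    keywords = set()
    for line in reply.splitlines()[1:]:
        if line[:3] == "250" and len(line) > 4 and line[4:].split():
            keywords.add(line[4:].split()[0].upper())
    return keywords


def verifying_context() -> ssl.SSLContext:
    """TLS context that validates the server certificate against the
    system CA store; this is what 'valid approved-CA-signed' means in code."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


@dataclass
class Decision:
    use_tls: bool
    deliver: bool
    reason: str


def decide(ehlo_reply: str, cert_validates: bool, require_tls: bool) -> Decision:
    """require_tls=False: RFC 3207 opportunistic behaviour (deliver either way).
    require_tls=True: the thread's proposal (no valid TLS, no delivery).
    cert_validates stands in for the outcome of the handshake under
    verifying_context(); it is a constructed input here."""
    offered = "STARTTLS" in ehlo_keywords(ehlo_reply)
    if offered and cert_validates:
        return Decision(True, True, "STARTTLS negotiated, certificate validated")
    if require_tls:
        return Decision(False, False, "no validated TLS; mail not delivered")
    return Decision(False, True, "falling back to cleartext SMTP")
```

The trade-off the RFC text protects against is visible in the last two branches: mandatory mode turns every server without STARTTLS or without a CA-signed certificate into a delivery failure, which is exactly the interoperability damage section 5 of RFC 2487 forbids.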
