ietf-smtp
[Top] [All Lists]

Re: RFC 3207 STARTTLS

2008-10-24 12:36:30

On Fri, 24 Oct 2008, John C Klensin wrote:

(2) Fix it, on the theory that the idea of using SMTP over TLS
is reasonable but that the specification needs tightening up.

The second is completely consistent with generating a new
document and trying to advance it to Draft Standard.  If that
were to fail because of the number and nature of changes that
would be required, we would still have a document to recycle at
Proposed that, presumably, would be better than what we have
now, especially given the weaknesses you identify/claim.

Are you suggesting some other course of action?

No, I agree this is the way to go, and I agree with your postscript too :-)

I thought I ought to do a quick brain dump of the major issues since the
topic came up and it's one of my hobby horses.

RFC 3207 works well for message submission, and the improvements I think
it needs are minor. The same is true for explicitly configured relaying.

However I don't know how to address its weaknesses for inter-domain
relaying via MX records. At the same time relaying is often much less
vulnerable to active attack than message submission, so there seems to me
to be less need for TLS in this situation. (I'd probably have a less
sanguine point of view if I had lots of mail going through a dodgy shared
hosting environment...)

Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
GERMAN BIGHT HUMBER: WESTERLY BACKING SOUTHWESTERLY 5 TO 7, PERHAPS GALE 8
LATER. MODERATE OR ROUGH, OCCASIONALLY VERY ROUGH. RAIN OR SHOWERS. MODERATE
OR GOOD.

<Prev in Thread] Current Thread [Next in Thread>