[Top] [All Lists]

Re: [ietf-smtp] fall back to clear text if TLS fails

2016-01-12 09:45:37
Hi, Jim,

On 1/12/16 6:20 AM, Claus Assmann wrote:
! 1.  Introduction
! ...
!    messages.  In this application, TLS is used only upon mutual
!    agreement (successful negotiation) between the client and
server; if
!    this is not possible, the message is sent unencrypted.

That's not the case for all MTAs. sendmail only recently introduced
an option to allow this:

    To automatically handle TLS interoperability problems for outgoing
            mail, sendmail can now immediately try a connection again
            without STARTTLS after a TLS handshake failure.

This was triggered due to the decision of OpenSSL to enforce some
policy in the library without a simple option to override that and
the resulting delivery problems...

Before that, mails would get stuck in the queue and hopefully get
the attention of a postmaster to fix the interoperability problem.

That's good to know, but isn't quite the situation the draft was
to describe. The "negotiation" intended here was support for STARTTLS
itself. If the server MTA doesn't advertise STARTTLS in its EHLO
response, clients will generally just send mail without negotiating

The ambiguous way 'negotiation' is used here in these two lines is quite 
confusing and I'd suggest you use another term in your draft for the mere 
advertisement of STARTTLS and the detection of support for STARTTLS by the 


ietf-smtp mailing list