On 1/12/16 6:20 AM, Claus Assmann wrote:
! 1. Introduction
! messages. In this application, TLS is used only upon mutual
! agreement (successful negotiation) between the client and
! this is not possible, the message is sent unencrypted.
That's not the case for all MTAs. sendmail only recently introduced
an option to allow this:
To automatically handle TLS interoperability problems for outgoing
mail, sendmail can now immediately try a connection again
without STARTTLS after a TLS handshake failure.
This was triggered due to the decision of OpenSSL to enforce some
policy in the library without a simple option to override that and
the resulting delivery problems...
Before that, mails would get stuck in the queue and hopefully get
the attention of a postmaster to fix the interoperability problem.
That's good to know, but isn't quite the situation the draft was
to describe. The "negotiation" intended here was support for STARTTLS
itself. If the server MTA doesn't advertise STARTTLS in its EHLO
response, clients will generally just send mail without negotiating
The ambiguous way 'negotiation' is used here in these two lines is quite
confusing and I'd suggest you use another term in your draft for the mere
advertisement of STARTTLS and the detection of support for STARTTLS by the
ietf-smtp mailing list