Re: [ietf-smtp] SMTP Over TLS on Port 26 - Implicit TLS Proposal

2019-01-07 05:40:21
On 07/01/2019 11:13, Gilles Chehade wrote:
> don't know if they're good reasons but there's already 465/tcp for smtps
> and I don't know what to think about tying protocol behavior to hostname
> as it feels really hackish to me.

Note that port 465 is defined as for SMTPS for *submission*, so it's the SMTPS version of 587, not the SMTPS version of 25.

I agree that using the hostname for this feels hackish. An SRV or TXT record would seem more obvious.

I'm not sure of the advantage of implicit TLS over STARTTLS if downgrade is prevented, and given that your MTA will have to still accept STARTTLS & unencrypted connections for interoperability, it seems a bit unnecessary here.

A simple TXT record saying "This domain's MTAs support STARTTLS (and, possibly, optionally, this is the certificate fingerprint)" would seem useful and not need anything else, and would protect against STARTTLS downgrade for any sender willing to support it.

Obviously it would be vulnerable to DNS pollution, but so would the original proposal.
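The sender-side logic the TXT-record idea implies, written out as an added example (it is not code from the thread or from any MTA): the record format `v=starttls1; fp=<sha256 hex>`, the record name, and the sample certificate bytes are all assumptions made here so the decision can be run offline. The point it demonstrates is the one the post makes: once a policy record exists, a server that fails to offer STARTTLS is treated as a downgrade and the message is not sent in cleartext, and an optional fingerprint lets the sender refuse a certificate that does not match.

```python
"""Sender-side enforcement of a hypothetical DNS TXT STARTTLS policy.

Example written for this page, not the author's or any MTA's code. The record
format (v=starttls1; fp=<sha256 hex over the DER certificate>) is assumed.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class StarttlsPolicy:
    required: bool                 # STARTTLS must be offered and used
    fingerprint: Optional[str]     # lowercase hex SHA-256 of the DER cert, or None


def parse_policy_txt(txt: Optional[str]) -> Optional[StarttlsPolicy]:
    """Parse the assumed 'v=starttls1; fp=...' TXT data; None means no policy."""
    if txt is None:
        return None
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    if fields.get("v") != "starttls1":
        return None                # unrelated or unknown record: no policy
    fp = fields.get("fp")
    if fp is not None:
        fp = fp.lower().replace(":", "")
    return StarttlsPolicy(required=True, fingerprint=fp)


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as pinned in the record."""
    return hashlib.sha256(der_cert).hexdigest()


def delivery_decision(policy: Optional[StarttlsPolicy],
                      server_offers_starttls: bool,
                      der_cert: Optional[bytes]) -> str:
    """Return 'tls', 'plaintext' or 'refuse' for one delivery attempt.

    With no policy the sender keeps today's opportunistic behaviour and falls
    back to cleartext. With a policy, a missing STARTTLS offer is treated as a
    downgrade and the message is deferred rather than sent in the clear.
    """
    if policy is None:
        return "tls" if server_offers_starttls else "plaintext"
    if not server_offers_starttls:
        return "refuse"            # downgrade: policy says STARTTLS exists
    if policy.fingerprint is not None:
        if der_cert is None or cert_fingerprint(der_cert) != policy.fingerprint:
            return "refuse"        # certificate does not match the pin
    return "tls"


# Constructed sample data: stand-in bytes for a DER certificate, not a real cert.
SAMPLE_CERT = b"constructed-der-certificate-bytes-for-example"
SAMPLE_TXT = "v=starttls1; fp=" + cert_fingerprint(SAMPLE_CERT)


def demo() -> dict:
    """Run the four cases a sender can meet and return the decisions."""
    policy = parse_policy_txt(SAMPLE_TXT)
    return {
        "policy_and_starttls": delivery_decision(policy, True, SAMPLE_CERT),
        "policy_but_no_starttls": delivery_decision(policy, False, None),
        "policy_wrong_cert": delivery_decision(policy, True, b"other-cert"),
        "no_policy_no_starttls": delivery_decision(None, False, None),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The lookup of the record itself is left out on purpose; whichever resolver call feeds `parse_policy_txt`, the caveat in the post still applies: a forged or suppressed answer removes the protection, so the policy is only as trustworthy as the DNS response it came from.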


