Re: [ietf-smtp] SMTP Over TLS on Port 26 - Implicit TLS Proposal

2019-01-08 06:08:18
I like Viruthagiri's proposal.

On Mon 07/Jan/2019 13:33:39 +0100 John C Klensin wrote:
A simple TXT record saying "This domain's MTAs support
STARTTLS (and, possibly, optionally, this is the certificate
fingerprint)" would seem useful and not need anything else,
and would protect against STARTTLS downgrade for any sender
willing to support it.

Obviously it would be vulnerable to DNS pollution, but so
would the original proposal.

Please see at least one of Burt Hubert's "DNS Camel" pieces
and/or RFC 8324, and think about not only pollution/cache
poisoning but about the observation that DNS zone managers and
email administrators are often in separate departments with less
effective communication than one might like, before going down
that path.

Well, yes, tweaking host names in MX records would have been a nice hack.  As it
seems such a hack won't work well, however, it's better to save the camel a
useless burden altogether.  Perhaps, the probability of finding an smtps
service on port 26 can be advertised by some other means.

As for port 26, nmap reports[*] a seldom used, unofficial "rsftp" there:

# Fields : Service name, portnum/protocol, open-frequency, optional comments
# [...]

telnet  23/tcp  0.221265
telnet  23/udp  0.006211
priv-mail       24/tcp  0.001154        # any private mail system
priv-mail       24/udp  0.000329        # any private mail system
smtp    25/tcp  0.131314        # Simple Mail Transfer
smtp    25/udp  0.001285        # Simple Mail Transfer
rsftp   26/tcp  0.007991        # RSFTP

Would 24 be better?

Rsftp seems to be a buggy ftp-like program.[†]  Google didn't help me to find
much more.  There are some projects on github called rsftp[‡], but none of them
is that one.


[‡] (related)
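The nmap-services excerpt quoted in the post is a plain text format: service name, port/protocol, open-frequency, and an optional `#` comment. The Python below is an added example, not code from the original post or from the nmap project. It parses lines in that format and ranks candidate TCP ports by how often nmap's survey saw them open, which is the comparison behind the question of whether 24 would be better than 26. The embedded sample lines are the ones quoted above; the function and type names are this example's own.

```python
"""Parse nmap-services style lines and compare candidate ports.

Added example (not from the thread or from nmap). Format per line:
    <service name>  <port>/<proto>  <open-frequency>  [# comment]
Lines starting with '#' are comments and are skipped.
"""
from typing import List, NamedTuple, Optional, Tuple


class ServiceEntry(NamedTuple):
    name: str
    port: int
    proto: str
    frequency: float   # fraction of scanned hosts that had the port open
    comment: str       # text after '#', empty if none


# Sample input: the lines quoted in the post (the header line is kept to
# show that comment lines are tolerated).
SAMPLE_NMAP_SERVICES = """\
# Fields : Service name, portnum/protocol, open-frequency, optional comments
telnet  23/tcp  0.221265
telnet  23/udp  0.006211
priv-mail       24/tcp  0.001154        # any private mail system
priv-mail       24/udp  0.000329        # any private mail system
smtp    25/tcp  0.131314        # Simple Mail Transfer
smtp    25/udp  0.001285        # Simple Mail Transfer
rsftp   26/tcp  0.007991        # RSFTP
"""


def parse_nmap_services(text: str) -> List[ServiceEntry]:
    """Parse nmap-services text into entries; malformed data lines raise."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        data, _, comment = raw.partition("#")
        fields = data.split()
        if not fields:
            continue  # blank line or comment-only line
        if len(fields) < 3 or "/" not in fields[1]:
            raise ValueError(f"malformed nmap-services line: {raw!r}")
        name, portproto, freq = fields[:3]
        port_s, _, proto = portproto.partition("/")
        entries.append(
            ServiceEntry(name, int(port_s), proto, float(freq), comment.strip())
        )
    return entries


def lookup(entries: List[ServiceEntry], port: int,
           proto: str = "tcp") -> Optional[ServiceEntry]:
    """Return the entry registered for port/proto, or None if nmap has none."""
    for e in entries:
        if e.port == port and e.proto == proto:
            return e
    return None


def rank_candidates(entries: List[ServiceEntry], ports: List[int],
                    proto: str = "tcp") -> List[Tuple[int, Optional[str], float]]:
    """Order candidate ports from least to most often seen open.

    A port nmap does not list is reported with name None and frequency 0.0,
    meaning the survey has no data for it rather than that it is unused.
    """
    rows = []
    for p in ports:
        e = lookup(entries, p, proto)
        rows.append((p, e.name if e else None, e.frequency if e else 0.0))
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    svc = parse_nmap_services(SAMPLE_NMAP_SERVICES)
    for port, name, freq in rank_candidates(svc, [24, 25, 26]):
        print(f"{port}/tcp  {name or '(unlisted)':10s}  open-frequency {freq:.6f}")
```

Point the parser at the full nmap-services file (on a typical install, `/usr/share/nmap/nmap-services`) to compare any set of candidate ports; the open-frequency is only a measure of how often nmap's survey found the port open, so a low value says the port is quiet in the wild, not that no service is assigned to it.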

