ietf-smtp

Re: [ietf-smtp] SMTP Over TLS on Port 26 - Implicit TLS Proposal

2019-01-08 10:38:17
@Gilles Chehade


I would have high-fived a proposal to do opportunistic smtps, but here I
feel you're hacking behavior by encoding it in a field that's not meant
to carry it.


Could you clarify that part? What do you mean by opportunistic smtps? Why
do we need that?

smtps protects everything from top to bottom like https. In opportunistic
encryption, the conversation gets started as plain text and gets upgraded to
a secure connection when the server presents an opportunity.

Why do you want to combine both?

On Tue, Jan 8, 2019 at 9:35 PM Viruthagiri Thirumavalavan 
<giri(_at_)dombox(_dot_)org>
wrote:

@Gilles Chehade

don't know if they're good reasons but there's already 465/tcp for smtps


I think Paul Smith already clarified that part. So yes we have SMTPS right
now only for submission. Not for the relay. That's what this proposal is
all about.

ISPs usually block port 25 to prevent outgoing email spam (direct-to-mx).
That's one of the reasons why we introduced port 587 for submission (e.g.
iPhone mail app to gmail). Port 465 is the secure version of port 587. If
we use the port 465 as secure alternative to port 25, then we are
introducing the same (direct-to-mx) problem again. So we need a new
unallocated port.

Three days back when I prepared my proposal for uta working group, it had
all that port history information. To simplify the document, I removed
the smtp history related content
(<https://gist.github.com/mistergiri/a4c9a5f1c26fd7003ebc0652af95d314/revisions>).

I just created a new github gist and added back that content.
https://gist.github.com/mistergiri/16314f21077d1f0aaa6e3a66ee0fabe2

Hope someone finds that useful. Let me know if I'm wrong somewhere or
missed something.

Thanks

On Tue, Jan 8, 2019 at 6:39 PM Richard Clayton 
<richard(_at_)highwayman(_dot_)com>
wrote:


In message 
<9e5c4dd8-7acf-8da7-4d4e-9337ef6e6101(_at_)pscs(_dot_)co(_dot_)uk>, Paul 
Smith
<paul(_at_)pscs(_dot_)co(_dot_)uk> writes

A simple TXT record saying "This domain's MTAs support STARTTLS (and,
possibly, optionally, this is the certificate fingerprint)" would seem
useful and not need anything else, and would protect against STARTTLS
downgrade for any sender willing to support it.

doesn't RFC 8461 provide what you wish for ?

- --
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755


_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp



--
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.



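The thread contrasts opportunistic STARTTLS (start in cleartext, upgrade if the server offers it) with "top to bottom" implicit TLS, and Richard Clayton points at RFC 8461 (MTA-STS) as the existing answer to STARTTLS downgrade. The following is an added example, not code from the thread or from any of its participants: it models the sending MTA's decision after EHLO in both the opportunistic case and the MTA-STS "enforce" case. The EHLO replies, the hostnames and the policy text are constructed for the example; the policy follows the RFC 8461 text format that a real client would fetch over HTTPS from `https://mta-sts.<domain>/.well-known/mta-sts.txt` after seeing a `_mta-sts.<domain>` TXT record. The point it makes: an on-path attacker who deletes the `250-STARTTLS` line gets an opportunistic client to fall back to cleartext, while a client holding an enforce-mode policy refuses instead. (With implicit TLS on a dedicated port there is no cleartext EHLO to tamper with, but the client still needs some out-of-band signal, such as a policy, to know it must not fall back to port 25.)

```python
"""
Added example (not from the ietf-smtp thread): how a sending MTA decides
whether to encrypt, contrasting opportunistic STARTTLS with an MTA-STS
(RFC 8461) policy in "enforce" mode.  All inputs are constructed inline;
nothing touches the network.
"""
import re

# Constructed EHLO replies.  An active attacker on the path can strip the
# STARTTLS keyword from the second one; an opportunistic client then
# continues in cleartext without noticing anything.
EHLO_WITH_STARTTLS = (
    "250-mx.example.org Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mx.example.org Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)

# Constructed MTA-STS policy in the RFC 8461 text format (hostnames assumed).
POLICY_ENFORCE = (
    "version: STSv1\n"
    "mode: enforce\n"
    "mx: mx.example.org\n"
    "mx: *.backup.example.org\n"
    "max_age: 604800\n"
)


def ehlo_keywords(reply):
    """Return the set of EHLO keywords the server advertised (greeting line skipped)."""
    keywords = set()
    for line in reply.splitlines()[1:]:
        m = re.match(r"^250[ -](\S+)", line)
        if m:
            keywords.add(m.group(1).upper())
    return keywords


def parse_policy(text):
    """Parse an MTA-STS policy file into a dict; every 'mx' line is collected."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("bad policy mode")
    return policy


def mx_matches(mx_host, patterns):
    """RFC 8461 mx matching: exact host, or a '*.' wildcard covering one label."""
    host = mx_host.lower().rstrip(".")
    for pat in patterns:
        if pat.startswith("*."):
            suffix = pat[1:]  # e.g. ".backup.example.org"
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif host == pat:
            return True
    return False


def decide(ehlo_reply, mx_host, policy=None):
    """
    What the sender does after EHLO: 'starttls', 'cleartext' or 'refuse'.

    No policy, or mode none/testing: opportunistic.  Upgrade if STARTTLS is
    offered, otherwise fall back to cleartext (the downgrade an attacker wants).
    Mode enforce: STARTTLS must be offered and the MX must match the policy,
    otherwise delivery to this host is refused.  (A real client would also
    validate the certificate against mx_host once TLS is up.)
    """
    offered = "STARTTLS" in ehlo_keywords(ehlo_reply)
    enforcing = policy is not None and policy["mode"] == "enforce"
    if enforcing:
        if not offered or not mx_matches(mx_host, policy["mx"]):
            return "refuse"
        return "starttls"
    return "starttls" if offered else "cleartext"


if __name__ == "__main__":
    pol = parse_policy(POLICY_ENFORCE)
    print("opportunistic, STARTTLS offered :", decide(EHLO_WITH_STARTTLS, "mx.example.org"))
    print("opportunistic, STARTTLS stripped:", decide(EHLO_STRIPPED, "mx.example.org"))
    print("enforce, STARTTLS stripped      :", decide(EHLO_STRIPPED, "mx.example.org", pol))
    print("enforce, wrong MX               :", decide(EHLO_WITH_STARTTLS, "mx.attacker.example", pol))
```

The second and third lines of output are the whole argument: the same stripped EHLO reply yields `cleartext` for an opportunistic sender and `refuse` for one that has cached an enforce-mode policy. The wildcard rule in `mx_matches` is deliberately strict (one label only), which is what RFC 8461 specifies and what keeps `a.b.backup.example.org` from matching `*.backup.example.org`.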