So that's not a good reason to do it: essentially we are doing a lot of new
work in order to accomplish something that we could already accomplish using
existing software and doing no new work.
Wouldn't the final scenario be better?
SMTPS on port 26 is realistically no better than STARTTLS on port 25.
And STARTTLS on port 25 is already widely implemented, widely deployed
and working. What would be the point of making things more complicated
with no gain?
Without the downgrade protection you gain precisely nothing except added
complexity. If you have a method to prevent encryption downgrade (we do)
you may as well protect STARTTLS downgrade instead of 'port 26 -> 25
downgrade' and avoid the added complexity.
--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
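The "downgrade protection" the reply above relies on, shown as an added example that is not part of the thread: a fail-closed STARTTLS check for an SMTP client. The EHLO replies are constructed, and the `require_tls` flag is a stand-in for whatever per-peer policy a site actually uses.

```python
import re
# Constructed EHLO replies for this example; not captured from any real server.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same server as seen through a path that strips the STARTTLS keyword.
EHLO_STRIPPED = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply: str) -> dict:
    """Return {EXTENSION: [params]} from a multi-line EHLO reply (RFC 5321 4.1.1.1)."""
    lines = reply.splitlines()
    extensions = {}
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise ValueError(f"EHLO not accepted: {code}")
        # A space separator may appear only on the final line of the reply.
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation markers do not match the line count")
        if i == 0:
            continue  # first line is the server's domain and greeting, not an extension
        parts = text.split()
        if parts:
            extensions[parts[0].upper()] = parts[1:]
    return extensions

def tls_decision(ehlo_reply: str, require_tls: bool) -> str:
    """Return 'starttls', 'plaintext' or 'refuse' for the next step of the session.
    require_tls is a hypothetical flag standing in for whatever policy source says
    this peer must offer TLS. Fail closed: with it set, a missing STARTTLS keyword
    is treated as a downgrade and the message is deferred, not sent in the clear.
    """
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"

def starttls_accepted(starttls_reply: str) -> bool:
    """After the STARTTLS command only a 220 reply permits the TLS handshake (RFC 3207)."""
    m = _REPLY_LINE.match(starttls_reply.strip())
    return bool(m) and m.group(1) == "220"
```

With the policy set, the stripped EHLO yields `refuse`, which is exactly the protection that a separate SMTPS port would otherwise have to provide.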