[Top] [All Lists]

Re: [ietf-smtp] SMTP Over TLS on Port 26 - Implicit TLS Proposal

2019-01-17 03:43:57

On 09/01/2019 01.43, Viruthagiri Thirumavalavan wrote:
> There are people out there who has personal websites like and email address like me(_at_)firstnamelastname(_dot_)com

Yeah and I'm one of them. I run my private mailserver for 3 users, one domain name for each.

On 07/01/2019 12.34, Paul Smith wrote:
> Note that port 465 is defined as for SMTPS for *submission*, so it's the SMTPS version of 587, not the SMTPS version of 25.

That is correct, but for most mailservers relaying is disabled anyway, so in practice even port 25 has become a submission gate. Also, you could configure port 465 to allow relaying... out of the box many mail daemons allow this, e.g. I "submit" my outgoing mail to 465 using Postfix. It is messy.

On 09/01/2019 20.11, Alessandro Vesely wrote:
> *Port 26 is simple*.  Straightforward for servers that already implement 465.
> No-brainer for clients.  The only risk is connection timeout on a
> non-interactive job.  Does it hurt?

Exactly. Also, it makes it easier to recognize a secured mail transport. No possible plaintext as with STARTTLS (when the latter fails, mail could proceed over an unencrypted transport).

On 09/01/2019 21.37, Carl S. Gutekunst wrote:
> Devil's advocate question: Do we (the community) care about improved connection latency?

I do.

On 09/01/2019 22.26, valdis(_dot_)kletnieks(_at_)vt(_dot_)edu wrote:
> My intuition says that this proposal doesn't help improve latency, because
> the hit you take waiting for a timeout on port 26 to a non-adopter server
> is going to overwhelm any savings from the STARTTLS RTT not being
> needed.

Good point. I would love a MXS record (Mail eXchanger Secure). Maybe such a MXS SHOULD be an alias to an already existent MX record.

As for the port number: if port 24 is already reserved for private mail systems (!! so no loss of port numbers !!), but not used anymore, it would also make a good candidate. I like the lower number, "try 24 before 25", but port 26 makes sense too. It makes way more sense (to me at least) to have both port numbers in one range, be it 25-25 or 25-26.

One of the benefits of a TLS-only port is the non-dependency on DNSSEC, DANE, and whatnot. It is *simple*, easy to implement (by using e.g. an SSL wrapper), fast, and pleasing to the eye.

Of course this matter doesn't prelude the end of the world ;-)

Regards, Evert

< Send me mail! >
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>