ietf-smtp

Re: [ietf-smtp] starttls-everywhere

2019-03-31 14:17:14
On 2019-03-31 at 13:33 +0200, keld(_at_)keldix(_dot_)com wrote:
> is it not the best way to do it now
>
> something like 95 % of my connections nowadays are tls, but most of
> the connections are with certificates that do not validate.
> temporary and the like.
>
> would going to enforcing not invalidate all these connections?
> and the fallback to non-encrypted smtp? shooting yourself in the foot...

No: the point of the STARTTLS-Everywhere system is that, like both DANE
and MTA-STS, the sender does _not_ fall back to unencrypted SMTP.

Except in Testing mode.  Which is what Jeremy is explicitly asking
about: moving from "hint, but can still fall back" to "enforce, with no
fall back".

-Phil

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
