[Top] [All Lists]

Re: [ietf-smtp] starttls-everywhere

2019-03-31 15:15:28
in my mind that is not a good way forward,
I thnk it will break up email as an internet service.
I would much rather go the upwards compatible path,
like we did for smtp/esmtp which I think has been very succcsful. 

The esmtp transition has been so successful because we designed 
it to be so, and nobody was hurt. Transition to starttls has been very 
also because it was designed to be smooth. Please don't break email!


n Sun, Mar 31, 2019 at 03:16:53PM -0400, Phil Pennock wrote:
On 2019-03-31 at 13:33 +0200, keld(_at_)keldix(_dot_)com wrote:
is it no the best way to do itnow

something like 95 % of my connections nowadays are tls, but most of
the connections are with certificates that do no validate.
temporary and the like.

would going to enforcing not invalidate all these connections?
and the fallback to non-encrypted smtp? shooting yourself in the foot...

No: the point of the STARTTLS-Everywhere system is that, like both DANE
and MTA-STS, the sender does _not_ fall back to unencrypted SMTP.

Except in Testing mode.  Which is what Jeremy is explicitly asking
about: moving from "hint, but can still fall back" to "enforce, with no
fall back".


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>