ietf-smtp

Re: [ietf-smtp] starttls-everywhere

2019-03-31 15:15:28
in my mind that is not a good way forward,
I think it will break up email as an internet service.
I would much rather go the upwards compatible path,
like we did for smtp/esmtp which I think has been very successful.

The esmtp transition has been so successful because we designed
it to be so, and nobody was hurt. Transition to starttls has been very
successful also because it was designed to be smooth. Please don't break email!

keld

On Sun, Mar 31, 2019 at 03:16:53PM -0400, Phil Pennock wrote:
On 2019-03-31 at 13:33 +0200, keld(_at_)keldix(_dot_)com wrote:
is it not the best way to do it now

something like 95 % of my connections nowadays are tls, but most of
the connections are with certificates that do not validate.
temporary and the like.

would going to enforcing not invalidate all these connections?
and the fallback to non-encrypted smtp? shooting yourself in the foot...

No: the point of the STARTTLS-Everywhere system is that, like both DANE
and MTA-STS, the sender does _not_ fall back to unencrypted SMTP.

Except in Testing mode.  Which is what Jeremy is explicitly asking
about: moving from "hint, but can still fall back" to "enforce, with no
fall back".

-Phil

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
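The distinction Phil draws, "hint, but can still fall back" versus "enforce, with no fall back", is the whole policy question in this thread, so here is a small sender-side model of it. It uses the MTA-STS policy file format (RFC 8461) as the concrete policy source, since MTA-STS is one of the mechanisms named above; it is an added example, not code from the thread, the IETF, or the STARTTLS-Everywhere project. The policy text, the host names and the list of observed connections are constructed sample data, and the failure reason strings are illustrative labels, not a standard's vocabulary. The `tally` function reproduces keld's situation (mostly TLS, mostly non-validating certificates) and shows what the same connection sample yields under testing and under enforce.

```python
"""Model of "hint / can fall back" vs "enforce / no fall back" for an
outbound MTA, driven by an MTA-STS policy (RFC 8461 format).
Added example; policy, hosts and connection outcomes are constructed."""
from dataclasses import dataclass, field

# Constructed policy, in the shape a domain would publish at
# https://mta-sts.<domain>/.well-known/mta-sts.txt
TESTING_POLICY = """version: STSv1
mode: testing
mx: mail.example.net
mx: *.backup.example.net
max_age: 604800
"""
ENFORCE_POLICY = TESTING_POLICY.replace("mode: testing", "mode: enforce")

# Constructed observations: (MX host, STARTTLS offered, certificate valid).
# Mostly TLS with certificates that do not validate, as keld describes.
SAMPLE_CONNECTIONS = [
    ("mail.example.net", True, True),
    ("mail.example.net", True, False),
    ("mx1.backup.example.net", True, False),
    ("mail.example.net", False, False),
    ("other.example.org", True, True),
]


@dataclass
class StsPolicy:
    mode: str
    mx: list = field(default_factory=list)
    max_age: int = 0


def parse_policy(text):
    """Parse the key/value policy file. 'mx' may repeat, unknown keys are
    ignored, and an unsupported version or mode is rejected."""
    fields, mx = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            mx.append(value.lower())
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if fields.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unsupported policy mode")
    return StsPolicy(fields["mode"], mx, int(fields.get("max_age", "0")))


def mx_matches(policy, host):
    """Exact host name, or '*.' wildcard covering exactly one leading label."""
    host = host.lower()
    for pattern in policy.mx:
        if pattern.startswith("*."):
            suffix = pattern[1:]          # e.g. ".backup.example.net"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy, host, starttls_offered, cert_valid):
    """Return (action, failure). Reason strings are illustrative labels.
    none    : opportunistic TLS, deliver regardless (the 'hint' case)
    testing : deliver, but the failure is recorded for reporting
    enforce : no fall back; on any failure the message is not sent to
              this host (a real MTA tries the next MX or queues it)"""
    if not mx_matches(policy, host):
        failure = "mx-not-in-policy"
    elif not starttls_offered:
        failure = "starttls-not-supported"
    elif not cert_valid:
        failure = "certificate-not-trusted"
    else:
        return "deliver", None
    if policy.mode == "enforce":
        return "fail", failure
    return "deliver", failure


def tally(policy, connections):
    """Count outcomes over a connection sample under one policy."""
    counts = {"delivered": 0, "failed": 0, "reported": 0}
    for host, offered, valid in connections:
        action, failure = delivery_decision(policy, host, offered, valid)
        counts["delivered" if action == "deliver" else "failed"] += 1
        if policy.mode == "testing" and failure is not None:
            counts["reported"] += 1
    return counts


if __name__ == "__main__":
    for text in (TESTING_POLICY, ENFORCE_POLICY):
        policy = parse_policy(text)
        print(policy.mode, tally(policy, SAMPLE_CONNECTIONS))
```

Run as a script, the same five connections all deliver under `testing` (four of them flagged for a report) and only one delivers under `enforce`, which is exactly the cut-over cost the thread is weighing: the testing-mode report tells a receiving domain how many of its senders' connections would start failing before it switches the mode.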
