On Oct 26, 2019, at 5:05 PM, Viktor Dukhovni wrote:
> For mostly opportunistic TLS,
> there's not much incentive to jump through complex TLS hoops.
Yes, but IMO we should be moving toward a world in which TLS is mandatory for
SMTP relay. Clear guidance to implementors and operators on what TLS
versions, cert algorithms, and ciphersuites a client and server should support
might help us get there.
(perhaps as a stepping stone, cleartext mail relay could be pessimized by
having servers randomly return 4xx in response to MAIL sent without TLS,
obsolete TLS, or weak ciphersuites, with the probability of such responses
increasing over time.)
ietf-smtp mailing list
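The graduated tempfail policy sketched in the parenthetical above, written out as an added example (it is not code from the thread or from any MTA). The ramp start date, ramp length, the set of "modern" TLS versions, and the weak-cipher name markers are all assumptions chosen for illustration.

```python
import random
from datetime import date

# Constructed policy parameters (assumptions, not from the thread).
POLICY_START = date(2020, 1, 1)   # day the ramp begins (probability 0.0)
RAMP_DAYS = 730                   # probability reaches 1.0 after two years
MODERN_TLS = {"TLSv1.2", "TLSv1.3"}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "NULL", "EXPORT", "MD5")


def session_deficiency(tls_version, cipher):
    """Return why a session is deficient ("cleartext", "obsolete-tls",
    "weak-cipher"), or None when it is acceptable."""
    if tls_version is None:
        return "cleartext"
    if tls_version not in MODERN_TLS:
        return "obsolete-tls"
    if any(marker in cipher.upper() for marker in WEAK_CIPHER_MARKERS):
        return "weak-cipher"
    return None


def tempfail_probability(today, start=POLICY_START, ramp_days=RAMP_DAYS):
    """Linear ramp: 0.0 before `start`, 1.0 once `ramp_days` have elapsed."""
    elapsed = (today - start).days
    return min(1.0, max(0.0, elapsed / ramp_days))


def mail_from_response(tls_version, cipher, today, rng=random.random):
    """Decide the reply to MAIL FROM as (code, text).

    Deficient sessions get a 4xx with the ramped probability so that a
    conforming sender queues and retries; the enhanced status code and
    reason text tell the remote operator what to fix."""
    reason = session_deficiency(tls_version, cipher)
    if reason is None:
        return (250, "2.1.0 Ok")
    if rng() < tempfail_probability(today):
        return (454, f"4.7.0 TLS required ({reason}); try again later")
    return (250, "2.1.0 Ok")
```

Pass a fixed `rng` (for example `lambda: 0.5`) to make the decision deterministic when exercising the policy in tests.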