[Top] [All Lists]

Re: [ietf-smtp] Possible cont4ibution to moving forward with RFC5321bis SMTP

2019-12-26 18:30:09
On 12/26/19 5:37 PM, Viktor Dukhovni wrote:

To me it seems that all of this should be out-of-scope for 5321bis, or that the 
only mention of this in 5321bis should be to declare such things out-of-scope.  
 Requiring hop-by-hop encryption would be the most disruptive change in the 
history of SMTP, I think, far more so than EHLO.
It may well be too soon to*mandate*  TLS, but we could perhaps MUST a 
RECOMMENDED or a SHOULD for inter-domain relay of email.

I'd support a carefully-worded recommendation to use TLS when relaying, as long as it didn't (yet) recommend blocking mail based on absence of TLS and (probably) cautioned against doing so outside of some narrow corner cases.

I suspect that there are a lot of devices out there sending cleartext mail, that probably can't be upgraded for the useful lifetime of the device.  And using TLS to send mail from a device, actually makes the device more fragile because it implies a need to upgrade the CAs that the device trusts.

(I do also wonder how many existing SMTP servers can handle TLS with client certificates, because that seems like that would also be a recommendation worth considering.)


ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>