2020-04-26 17:55:04
In article <8d3d7446-db7d-ac04-2a36-258643254630(_at_)wizmail(_dot_)org> you 

Noting that
section 3.2 says that TLS-on-connect SHOULD be preferred over STARTTLS
(my rephrasing) - and that while T-o-c is reasonably common for MSA-MTA
but not for MTA-MTA -

should we think about technical means to facilitate the latter?

Turns out the STARTTLS language was in RFC 7525 and we missed it.

If this draft goes anywhere, I think we should tell them to fix it and
say that STARTTLS and TLS-on-connect are equivalent if the path with
STARTTLS requires its use, which I think reflects reality.

Agreed. The converse should also be mentioned: There's no advantage to
TLS-on-connect if failure means falling back to an unencrypted port.

All of which is a roundabout way of saying there's actually no security
justification for TLS-on-connect for SMTP, RFC 7525 notwithstanding.
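The property the thread is arguing for is that what protects the session is the refusal to fall back to cleartext, not which port the TLS handshake happens on. As an added example, not code from the thread or from any MTA, the following Python module shows both halves of that argument: a submission client built on the standard-library smtplib that treats TLS-on-connect and STARTTLS as equivalent because neither path can degrade to plaintext, and a small model of the downgrade an on-path attacker gets against a client that does fall back. All names here (TlsRequired, outcome, downgradable, connect_required_tls) are this example's own; the EHLO replies are constructed, including one with the STARTTLS keyword stripped, which is the classic active downgrade against opportunistic STARTTLS. smtplib parses EHLO itself (has_extn), so ehlo_keywords is only there so the stripped reply can be examined without a server.

```python
"""Added example (not from the thread, not any MTA's code): a mail
client that is TLS-protected or does not send at all, on either port."""
import smtplib
import ssl

# Where the client ends up sending its mail.
TLS, CLEARTEXT, ABORT = "tls", "cleartext", "abort"


class TlsRequired(Exception):
    """The session could not be protected and cleartext is not allowed."""


def ehlo_keywords(reply):
    """Extract the EHLO keywords from a raw multi-line 250 reply.

    Example input (constructed):
    "250-mx.example.org\\r\\n250-STARTTLS\\r\\n250 SIZE 10240000\\r\\n"
    The first 250 line carries the server's domain, not a keyword, and
    is skipped. A non-250 reply yields no keywords at all.
    """
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines or not all(ln.startswith("250") for ln in lines):
        return set()
    keywords = set()
    for ln in lines[1:]:
        body = ln[4:].strip()          # drop "250-" or "250 "
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def outcome(mode, tls_ok, allow_cleartext_fallback):
    """Model of what a client sends over, independent of the port.

    mode:   "implicit" (TLS-on-connect) or "starttls".
    tls_ok: implicit -> the TLS handshake succeeded;
            starttls -> STARTTLS was advertised and the upgrade succeeded.
            An on-path attacker can force either to False (reset the TLS
            port, or strip STARTTLS from the EHLO reply), so the False
            branch is the one the policy is really about.
    """
    if mode not in ("implicit", "starttls"):
        raise ValueError("unknown mode: %r" % mode)
    if tls_ok:
        return TLS
    return CLEARTEXT if allow_cleartext_fallback else ABORT


def downgradable(mode, allow_cleartext_fallback):
    """True if an active attacker can push this client onto cleartext."""
    return outcome(mode, False, allow_cleartext_fallback) == CLEARTEXT


def connect_required_tls(host, port, mode, context=None, timeout=30):
    """Open an SMTP session that is TLS-protected or not opened at all.

    Certificate verification and hostname checking come from
    ssl.create_default_context(). There is no cleartext code path here,
    so "implicit" on 465 and "starttls" on 587 give the same guarantee.
    """
    ctx = context or ssl.create_default_context()
    if mode == "implicit":
        try:
            return smtplib.SMTP_SSL(host, port, context=ctx, timeout=timeout)
        except (OSError, ssl.SSLError) as exc:
            raise TlsRequired("TLS-on-connect to %s:%d failed" % (host, port)) from exc
    if mode == "starttls":
        conn = smtplib.SMTP(host, port, timeout=timeout)
        try:
            conn.ehlo()
            if not conn.has_extn("starttls"):
                raise TlsRequired("%s:%d did not advertise STARTTLS" % (host, port))
            conn.starttls(context=ctx)  # SSLError on a bad certificate
            conn.ehlo()                 # re-EHLO: pre-TLS features are untrusted
        except TlsRequired:
            conn.close()
            raise
        except (OSError, ssl.SSLError, smtplib.SMTPException) as exc:
            conn.close()
            raise TlsRequired("STARTTLS to %s:%d failed" % (host, port)) from exc
        return conn
    raise ValueError("unknown mode: %r" % mode)


if __name__ == "__main__":
    # Constructed replies: an honest server, and the same server as seen
    # through an attacker that removed the STARTTLS keyword.
    honest = "250-mx.example.org\r\n250-STARTTLS\r\n250 SIZE 10240000\r\n"
    stripped = "250-mx.example.org\r\n250 SIZE 10240000\r\n"
    print("honest offers STARTTLS:", "STARTTLS" in ehlo_keywords(honest))
    print("stripped offers STARTTLS:", "STARTTLS" in ehlo_keywords(stripped))
    for mode in ("implicit", "starttls"):
        for fallback in (True, False):
            print(mode, "fallback=%s" % fallback, "->", outcome(mode, False, fallback))
```

The two `downgradable` rows that matter read the same for both modes: with fallback allowed, an attacker who resets port 465 or rewrites the EHLO reply gets cleartext either way; with fallback refused, both modes abort. The port choice drops out of the result, which is the point made above about RFC 7525's preference.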


