ietf

Re: Not sure if this is the right place for this

2004-05-09 16:39:59

John Rudd wrote:
        [..]
The problem with the STARTTLS strategy is: you can't guarantee at the
network level that a client will use SSL/TLS.  The service provider
might be able to do that [...] but the
network provider cannot.  In large organizations, or situations with
outsourced services, those two groups may not be the same.  This leads
to a situation where a networking service may be trying to enforce a
mandate of "secure protocols only", but cannot do so under the STARTTLS
strategy.

Your problem lies within this paragraph. If one _has_ decoupled the network
service and end-user service provision then the network service provider has
no place mandating the behaviours (and port usages) of the end-user service
providers (such as email server administrators).

Or in your particular case, the wireless network group should get out of _your_
space (as the email system administrator) and just let you get on with enforcing
your email access security policy with STARTTLS on regular ports.

There's no need to change the RFCs in the way you've suggested.

cheers,
gja
-- 
Grenville Armitage
http://caia.swin.edu.au
I come from a LAN downunder.
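
The server-side enforcement the reply refers to, sketched for SMTP as an added example (not code from this thread or from any mail server): a per-connection gate that refuses everything except EHLO, NOOP, STARTTLS and QUIT until the client has upgraded, using the 530 reply that RFC 3207 defines for this case. The choice of SMTP, the class and function names, the host names and the sample sessions are assumptions made for illustration.

```python
# Added illustration; not code from the thread or from any mail server.
# Commands a STARTTLS-requiring server still accepts in cleartext (RFC 3207).
ALLOWED_BEFORE_TLS = {"EHLO", "NOOP", "STARTTLS", "QUIT"}


class StartTlsGate:
    """Per-connection policy state for a server that mandates STARTTLS."""

    def __init__(self, hostname="mail.example.test"):  # hypothetical host name
        self.hostname = hostname
        self.tls_active = False

    def handle(self, line):
        verb = (line.split() or [""])[0].upper()
        if not self.tls_active and verb not in ALLOWED_BEFORE_TLS:
            # AUTH, MAIL, RCPT, DATA ... are refused until the channel is encrypted.
            return "530 Must issue a STARTTLS command first"
        if verb == "STARTTLS":
            if self.tls_active:
                return "503 TLS already active"  # reply chosen for this sketch
            # A real server performs the TLS handshake here and resets SMTP state.
            self.tls_active = True
            return "220 Ready to start TLS"
        if verb == "EHLO":
            # STARTTLS is offered only in cleartext, AUTH only once TLS is up.
            ext = "AUTH PLAIN" if self.tls_active else "STARTTLS"
            return f"250-{self.hostname}\n250 {ext}"
        if verb == "QUIT":
            return "221 Bye"
        return "250 OK"  # stand-in for the server's normal command handling


def run_session(lines):
    """Feed one connection's client lines through a fresh gate; return reply codes."""
    gate = StartTlsGate()
    return [gate.handle(line)[:3] for line in lines]


# Constructed client sessions on the regular port.
CLEARTEXT = ["EHLO client.example.test", "AUTH PLAIN dGVzdA==",
             "MAIL FROM:<user@example.test>", "QUIT"]
UPGRADED = ["EHLO client.example.test", "STARTTLS", "EHLO client.example.test",
            "AUTH PLAIN dGVzdA==", "MAIL FROM:<user@example.test>", "QUIT"]

if __name__ == "__main__":
    print(run_session(CLEARTEXT))
    print(run_session(UPGRADED))
```

Both sessions use the same port, so a port-based network filter sees no difference between them; only the server's own state tells them apart.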
