On Feb 4, 2016, at 11:22 AM, John C Klensin <john-ietf(_at_)jck(_dot_)com> wrote:

>> I am quite comfortable at this time with a requirement of
>> better than SSLv3 for SMTP on the public Internet.
>
> Unless there is a fallback to clear text, I am not.

Yes, of course with cleartext transmission in the absence of STARTTLS
support. I had expected that would have been clear from context.
The point being that systems that are STARTTLS-capable are at this
point essentially without exception capable of TLSv1 or better.

My statement should have said "requirement of better than SSLv3 to
complete a STARTTLS handshake". I am not suggesting that we've
reached sufficiently broad STARTTLS adoption to make it realistic
to end support for cleartext SMTP.

At https://www.google.com/transparencyreport/saferemail/
we see a very small positive slope in the percentage of TLS
outbound mail (~2% per year) and no sign of growth in TLS inbound
mail (I'm guessing the bulk email senders don't much care for TLS
and send more traffic on weekdays than weekends).

--
Viktor.