nanog mailing list archives
Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
From: Viruthagiri Thirumavalavan <giri () dombox org>
Date: Sat, 12 Jan 2019 07:20:21 +0530
In addition, it bypasses all the security folks have built around the idea of blocking port 25 traffic from sources which should not be operating as mail servers. Let's not make the network less secure in the name of making it more so.
I already addressed this issue in the "security considerations" section. "Port 26 will be a secure alternative for Port 25. So Internet Service Providers are adviced to take precautions to prevent email spam abuse. They are advised to block port 26, if necessary." I'm not a fan over overloading semantic information in part of a
protocol where it doesn't belong, That's dug us in to a lot of deep holes over the years. If you want to do this, seek a new DNS record type or do like everybody else and create a TXT record to inform internet peers of the availability of your new semantics for port 25.
Yes, This suggestion came up on our discussions. On Sat, Jan 12, 2019 at 7:11 AM William Herrin <bill () herrin us> wrote:
On Fri, Jan 11, 2019 at 4:22 PM Viruthagiri Thirumavalavan <giri () dombox org> wrote:What IETF Mailing list thinks? - "Implicit TLS doesn't offer anyadditional security than a downgrade protected STARTTLS. Let's not waste a port." In addition, it bypasses all the security folks have built around the idea of blocking port 25 traffic from sources which should not be operating as mail servers. Let's not make the network less secure in the name of making it more so.e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.I'm not a fan over overloading semantic information in part of a protocol where it doesn't belong, That's dug us in to a lot of deep holes over the years. If you want to do this, seek a new DNS record type or do like everybody else and create a TXT record to inform internet peers of the availability of your new semantics for port 25. Regards, Bill Herrin -- William Herrin ................ herrin () dirtside com bill () herrin us Dirtside Systems ......... Web: <http://www.dirtside.com/>
-- Best Regards, Viruthagiri Thirumavalavan Dombox, Inc.
Current thread:
- SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Michael Thomas (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Doug Royer (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Suresh Ramasubramanian (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] William Herrin (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] William Herrin (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] William Herrin (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Brandon Martin (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Suresh Ramasubramanian (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] valdis . kletnieks (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] valdis . kletnieks (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 11)