nanog mailing list archives
Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
From: "Constantine A. Murenin" <mureninc () gmail com>
Date: Fri, 11 Jan 2019 22:37:50 -0600
On Fri, 11 Jan 2019 at 22:00, Suresh Ramasubramanian <ops.lists () gmail com> wrote:
> Most new MTA implementations over the past several years default to TLS with strong ciphers. So how much of a problem is low or no TLS right now?

The real problem is that opportunistic StartTLS stops being opportunistic the minute you encounter a `STARTTLS` extension on `EHLO`. At that point and henceforth, TLS is pretty much 100% mandatory.

What happens if there are SSL negotiation failures? I'll tell you what happens — the sender will receive a few bounces, X hours and Y days after sending the mail; recipient doesn't receive anything at all. (Unless, of course, one of the administrators would magically decide to change the SSL options in the meantime to be compatible, or to disable the "opportunistic" StartTLS to start with, before the final bounce gets generated by the MTA of the sender.)

These problems are real. They're already happening today. StartTLS being "opportunistic" is a pretty big scam.

C.
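The failure mode described in the message above (mail deferred after a failed TLS handshake, then bounced days later) can be spotted in sender-side MTA logs before the final bounce. The following is an added example, not part of the original post: it assumes Postfix-style `smtp`/`qmgr` log lines, and the sample lines, hostnames and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtp/qmgr log style (Postfix is an assumption).
SAMPLE_LOG = """\
Jan 11 22:40:01 mail postfix/smtp[2101]: 4A1B2C3D4E: to=<bob@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/1.1/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Jan 11 23:05:00 mail postfix/smtp[2130]: 7F6E5D4C3B: to=<eve@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.8/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Jan 12 01:05:00 mail postfix/smtp[2188]: 7F6E5D4C3B: to=<eve@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=7201, delays=7200/0/0.6/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
Jan 12 04:40:03 mail postfix/smtp[2240]: 4A1B2C3D4E: to=<bob@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=21602, delays=21600/0/1.1/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
Jan 16 22:41:10 mail postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@example.org>, status=expired, returned to sender
"""

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^\[,]+).*?status=(?P<status>\w+) \((?P<reason>.*)\)$")
EXPIRED = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): .*status=expired")

def tls_delivery_failures(log_text):
    """Return messages still failing on TLS, keyed by queue ID.

    A message that is eventually delivered (the remote side fixed its TLS
    settings in the meantime) is dropped from the result.
    """
    stuck = defaultdict(lambda: {"relay": None, "rcpt": None,
                                 "deferrals": 0, "bounced": False})
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            if m["status"] == "deferred" and "Cannot start TLS" in m["reason"]:
                rec = stuck[m["qid"]]
                rec.update(relay=m["relay"], rcpt=m["rcpt"])
                rec["deferrals"] += 1
            elif m["status"] == "sent":
                stuck.pop(m["qid"], None)   # recovered before expiry
            continue
        m = EXPIRED.search(line)
        if m and m["qid"] in stuck:
            stuck[m["qid"]]["bounced"] = True  # queue lifetime ran out
    return dict(stuck)

if __name__ == "__main__":
    for qid, rec in tls_delivery_failures(SAMPLE_LOG).items():
        print(qid, rec)
```

Entries with `bounced` still `False` are the ones an operator can still act on, by fixing TLS compatibility or adjusting the per-destination TLS policy, before the sender gets the final bounce.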