nanog mailing list archives

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]


From: Viruthagiri Thirumavalavan <giri () dombox org>
Date: Sat, 12 Jan 2019 17:12:56 +0530

Hi Töma,

Those are valid points.

Thanks for the input.

On Sat, Jan 12, 2019 at 4:02 PM Töma Gavrichenkov <ximaera () gmail com> wrote:

12 Jan. 2019, 8:44 Viruthagiri Thirumavalavan <giri () dombox org>:
Pros of introducing Implicit TLS:
+ Falls under Best Practices
+ Seems like it's what the world wants.

None of the above is really a technical argument within standards process.

The world wants emojis in domain names, so what?

+ Sets an early date to deprecate Opportunistic TLS in the future.

There's nothing bad in opportunistic TLS per se, and no reason to
deprecate it. The real problem is the (absent) downgrade resistance: SMTP
in cleartext is historically the default, and there's no tool to reliably
advertise to *everyone* on the Internet that your particular SMTP server is
not obsolete. Also, TOFU is similarly unreliable for that matter and too
opaque for troubleshooting.

None of the issues above are solved by adding yet another port to the
already overblown e-mail port bundle.

In fact, implicit TLS still has some advantages over the explicit version
(e.g. 0-RTT) that you've missed, but they are of questionable profit for
e-mail.

--
Töma



-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
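An added illustration, not code from either poster, of the downgrade-resistance point made above: a sender that treats STARTTLS as opportunistic proceeds in cleartext whenever the EHLO reply does not advertise it, while a sender bound by a "TLS required" policy fails closed. The EHLO replies and the `choose_transport` helper are constructed for this example.

```python
# Constructed sample EHLO replies (RFC 5321 multi-line 250 responses), not captures.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Same server as seen by the client when the STARTTLS advertisement is absent,
# whether because the server never offered it or because it was lost in transit.
# Nothing in-band tells the client which of the two happened.
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(response: str) -> set:
    """Return the EHLO keywords a server advertised, upper-cased."""
    keywords = set()
    for line in response.splitlines()[1:]:  # first line is the greeting
        if line.startswith("250-") or line.startswith("250 "):
            keywords.add(line[4:].split()[0].upper())
    return keywords


def choose_transport(response: str, policy: str) -> str:
    """Decide how a sending MTA proceeds after EHLO (hypothetical helper).

    policy="opportunistic": use STARTTLS if offered, otherwise continue in
        cleartext. This is the historical default and has no downgrade
        resistance: the fallback is silent.
    policy="require": refuse to send unless STARTTLS is offered. This is what
        an out-of-band "this domain always does TLS" policy lets a sender do.
    """
    if "STARTTLS" in parse_ehlo(response):
        return "tls"
    if policy == "opportunistic":
        return "cleartext"  # silent downgrade; worth logging for detection
    if policy == "require":
        return "refused"  # fail closed, queue and retry later
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    for reply in (EHLO_WITH_STARTTLS, EHLO_WITHOUT_STARTTLS):
        for policy in ("opportunistic", "require"):
            print(policy, sorted(parse_ehlo(reply)), "->", choose_transport(reply, policy))
```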
