Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

[William Herrin <bill () herrin us>]

On Fri, Jan 11, 2019 at 4:22 PM Viruthagiri Thirumavalavan
<giri () dombox org> wrote:
> What IETF Mailing list thinks? - "Implicit TLS doesn't offer any additional security than a downgrade protected 
> STARTTLS. Let's not waste a port."

In addition, it bypasses all the security folks have built around the
idea of blocking port 25 traffic from sources which should not be
operating as mail servers. Let's not make the network less secure in
the name of making it more so.

> e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.

I'm not a fan over overloading semantic information in part of a
protocol where it doesn't belong, That's dug us in to a lot of deep
holes over the years. If you want to do this, seek a new DNS record
type or do like everybody else and create a TXT record to inform
internet peers of the availability of your new semantics for port 25.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>