I agree, but only to a point. Cryptographic protocols such as TLS 1.0/1.1 are still usable and strong against attackers with limited resources. The issue is that hardware is now a commodity that is only getting cheaper and more powerful. As such, it is now much easier to break the TLS 1.0/1.1 encryption and decode the messages.
We as the caretakers must try to balance protection and usability. We control the front door and as a community will agree on how to secure it. There are those who will not want to go with the higher security requirements and that is fine. If both parties cannot agree on an encryption level, then the connection will not be allowed. For all other software and services, the connection will be denied. Email is the only one (there may be more) I have seen to accept a connection if there is no agreed security and allow cleartext transport.

To add one last point: TLS 1.2 has been in use for about 10 years. At this moment, most browsers and servers use TLS 1.3 with TLS 1.2 as a fallback.

Thanks,
Michael Irvine

-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Benny Pedersen via mailop
Sent: Monday, May 20, 2024 19:33
To: mailop@mailop.org
Subject: Re: [mailop] TLS inbound to comcast.net

Brotman, Alex via mailop wrote on 2024-05-20 15:09:
> Hey folks,
>
> Over the next few weeks, we're going to be disabling TLSv1/v1.1
> inbound to our platform. Most senders are already using TLSv1.2/v1.3,
> so I don't think this will be an issue. However, keep in mind that if
> you're not already using those newer versions, you'll now revert to
> clear-text. Around the same time, we'll also begin negatively
> impacting reputation for clear-text senders (those without
> TLSv1.2/v1.3). It won't be a huge impact, but many senders are
> extremely cautious in these areas. If you have questions, please let me know.

I say disabling TLS versions is plain stupid to make plain text a bigger problem, simply don't make that kind of security.

If comcast.net have found a bug in OpenSSL, please make a ticket for this, so it will be fixed in OpenSSL.

I don't like your wording on "hey something".

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
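
For senders who want to measure their exposure to the change announced in this thread, the following is an added example and not part of any message above: it scans outbound mail logs for sessions negotiated below TLSv1.2, which would drop to cleartext once the receiver disables TLSv1/v1.1. It assumes the sending MTA is Postfix and relies on its `TLS connection established` log line; the log lines, hosts, addresses and function names are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format Postfix's smtp client logs (assumption:
# the sending MTA is Postfix); hosts and addresses are documentation values.
SAMPLE_LOG = """\
May 20 15:01:02 out1 postfix/smtp[2101]: Trusted TLS connection established to mx1.example.net[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
May 20 15:01:09 out1 postfix/smtp[2102]: Untrusted TLS connection established to mx1.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 15:02:30 legacy postfix/smtp[911]: Untrusted TLS connection established to mx2.example.net[192.0.2.11]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
May 20 15:03:41 legacy postfix/smtp[912]: Untrusted TLS connection established to mx.example.org[198.51.100.7]:25: TLSv1.1 with cipher AES128-SHA (128/128 bits)
May 20 15:04:00 out1 postfix/smtp[2103]: 4F2A1: to=<user@example.net>, relay=mx1.example.net[192.0.2.10]:25, status=sent (250 ok)
"""

TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: \w+ TLS connection established to "
    r"(?P<host>[^\[\s]+)\[[^\]]+\]:\d+: (?P<version>TLSv[\d.]+|SSLv\d)"
)
ACCEPTED = {"TLSv1.2", "TLSv1.3"}  # versions the announcement says stay enabled


def versions_by_host(log_text):
    """Count negotiated protocol versions per destination MX host."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:
            seen[m["host"].lower()][m["version"]] += 1
    return seen


def legacy_sessions(log_text, accepted=ACCEPTED):
    """Return {host: {version: count}} for sessions below the accepted versions.

    Once the receiver disables those versions, these sessions can no longer
    negotiate TLS and an opportunistic sender falls back to cleartext.
    """
    return {
        host: {v: n for v, n in counts.items() if v not in accepted}
        for host, counts in versions_by_host(log_text).items()
        if any(v not in accepted for v in counts)
    }


if __name__ == "__main__":
    for host, counts in sorted(legacy_sessions(SAMPLE_LOG).items()):
        print(host, counts)
```

The negotiated version is the highest one both ends support, so a legacy result toward a receiver that already offers TLSv1.2/v1.3 points at the sending host's TLS library or configuration.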