On 07.12.21 19:49, Jacob Champion wrote:
= Implicit TLS =
Reactions to implicit TLS were mixed, from "we should not do this" to
"it might be nice to have the option, from a technical standpoint".
Both a separate-port model and a shared-port model were tentatively
proposed. The general consensus seems to be that the StartTLS-style
flow is currently sufficient from a security standpoint.
I didn't see any responses that were outright in favor, so I think my
remaining question is: are there any committers who think a prototype
would be worth the time for a motivated implementer?
I'm quite interested in this. My next question would be how complicated
it would be. Is it just a small block of code that peaks at a few bytes
and decides it's a TLS handshake? Or would it require a major
restructuring of all the TLS support code? Possibly something in the
middle.
