Am 29.12.24 um 06:45 schrieb Ralph Seichter via Postfix-users:
* Steffen Nurpmeso via Postfix-users:
there is this IETF draft which asks for support SMTPS (aka really,
now), that is Implicit TLS via dedicated port for SMTP.
[1] https://datatracker.ietf.org/doc/draft-nurpmeso-smtp-tls-srv/02/
Hello,
I've problems with that
1. usually, IETF drafts are discussed on IETF mailing lists.
I didn't found any such discussion not even an announcement "hey, there is this
draft, what do you think?"
2. the draft say
> This specification avoids downgrade attacks on the opportunistic approach
of STARTTLS
I can't agree. A active attacker, able to strip STARTTLS from the EHLO
server response, is also able to strip the SRV record from dns.
It's only harder.
I do not think, this is currently a topic for this list.
Andreas
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
