A. Schulze via Postfix-users wrote in <4f547a98-3319-48cd-93bd-7233f2263...@andreasschulze.de>:
|On 29.12.24 at 06:45, Ralph Seichter via Postfix-users wrote:
|> * Steffen Nurpmeso via Postfix-users:
|>
|>> there is this IETF draft which asks for support SMTPS (aka really,
|>> now), that is Implicit TLS via dedicated port for SMTP.
|>
|> [1] https://datatracker.ietf.org/doc/draft-nurpmeso-smtp-tls-srv/02/
|
|I've problems with that
|
|1. usually, IETF drafts are discussed on IETF mailing lists.
|   I didn't find any such discussion, not even an announcement "hey,
|   there is this draft, what do you think?"

I also think quite a bit happens behind the scenes of IETF mailing
lists. And they meet four times a year in different places of the
world, for example.

|2. the draft says
|> This specification avoids downgrade attacks on the opportunistic
|> approach of STARTTLS
|
|   I can't agree. An active attacker, able to strip STARTTLS from the
|   EHLO server response, is also able to strip the SRV record from dns.
|   It's only harder.

This argument is however true for all other email and more protocols,
then, which use the same mechanism. There now is DNS over encrypted
transport, so "the attacker would need to control two distinct
connection end points", generally speaking.

Actually I am not keen to defend the mechanism by itself: it is
standardized and in use, for example for SUBMISSIONS as supported by
postfix, and supported by postfix thus. I personally never understood
the confusion then/and/or mess on smtps/submissions, but that the
outcome is the way it is for SMTP, that can, in my opinion, only be
described by the vocabulary used by those who deal with mental health
issues, and the hope would be to get rid of an uncountable number
(many, many billions each day) of totally useless blocking roundtrip
packets. Coming back to the IETF. these are so completely
anachronistic in several ways that a vibrant community would and
should rush to eliminate them.

|I do not think, this is currently a topic for this list.

--steffen