[pfx] Re: Implicit TLS via SRV record?

Mon, 30 Dec 2024 14:55:03 -0800 

Wietse Venema via Postfix-users wrote in
 <4ymsrw3pqbzj...@spike.porcupine.org>:
 |Steffen Nurpmeso via Postfix-users:
 |> Btw why do you say "odd"?  SRV has the possibility for port 0 ever
 |> since it was created, yet port 0 never was a valid port.  So to
 |> the contrary even (hah!) we finally live it in full, what was only
 |> envisioned in the past.  If that isn't progress, i do not know.
 |
 |    if _smtps._tcp.DOMAIN exists and the port is 0, then the host
 |    asserts it supports STARTTLS [on port 25]
 |
 |I'm sorry, but can we please avoid proposals that repurpose some
 |"invalid bit pattern" case to signal that a domain supports:
 |
 |- a feature that is not part of the protocol (smtps) that is mentioned
 |  in the request,
 |
 |- on a port (25) that is not mentioned in the request or response.

The draft says it differently, of course, Wietse Venema.
It says "SMTP/TLS SRV Service Name" and then has totally distinct
words

   STARTTLS
      Whenever a domain publishes an according DNS SRV[RFC2782] resource
      record it asserts availability of Secure SMTP, that is, of the
      STARTTLS[RFC3207] SMTP service extension on the normal
      SMTP[RFC5321] port (specified by IANA as port 25).  The port
      number MUST be given as 0.

   Implicit TLS
      If the port number of the published SRV resource record is not 0,
      then the domain announces to support Implicit TLS on the given
      port in addition to STARTTLS on the normal SMTP port.[.]

But actually i got very important feedback regarding SRV and MX.
And whereas from an English, i think the German BSI and their
_smtp SRV are on a better track in that they make the SRV actually
*replace* the MX.  Whereas my thought was only about peeking at
state for the asserted SMTP contact domain name.
So draft -02 will not be the last.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to