On Fri, May 28, 2010 at 14:24, Victor Duchovni
<victor.ducho...@morganstanley.com> wrote:
> On Fri, May 28, 2010 at 11:56:15AM -0400, Phil Howard wrote:
>
>> I'm not disagreeing with this.  I think there should be an SMTPS.
>
> Rhetorical question: How would a sending domain know that a particular
> receiving domain supports SMTPS?

Try it and see.  If it fails to connect or times out, and local policy
and/or message parameters allow this, fall back to SMTP.  Specific
details are probably subject to discussion and maybe standardization.


> Clearly SMTPS would not be an alternative to SMTP for MX hosts, rather
> it is only an alternative to port 587+STARTTLS for submission servers.

I don't agree.  But it could be argued that SMTP+STARTTLS is
sufficient for MX.  I haven't done the analysis to know if the
exposure risks in STARTTLS apply to MX or not.


> This means that if we want to support (opportunistic) TLS for domain
> to domain delivery, we need STARTTLS. And in fact opportunistic TLS
> is now widely (though not universally) deployed in this context.

And this goes back to the arguments for SMTPS.  Is there any
definitive analysis that says that STARTTLS has risks for submission
and never can have any for MX?


> Given that SMTP + STARTTLS is available, there is little need for yet
> another protocol for submission. So on the whole SMTPS would not solve
> any issues that SMTP + STARTTLS does not handle adequately. Over and
> out.

I guess you need to argue that with Greg.  He seems to be more of an
advocate for that than I do (I don't have the time to do the analysis
... though I do have the biased preference to simply move EVERYTHING
on TCP ... and even SCTP ... over to wrapped TLS).
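The "try SMTPS first, fall back to SMTP only if local policy allows it" ladder sketched above, written out as an added example; this is not code from the thread or from any MTA the participants maintain. The `Policy` fields, `open_session` and the constructed fake servers are hypothetical names chosen here; the real connectors use the standard library's `smtplib` (`SMTP_SSL` for implicit TLS on 465, `SMTP` plus `starttls()` on 25), and the fakes exist only so the decision logic runs offline.

```python
import smtplib
import ssl
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class Policy:
    """Local policy for how far a delivery may degrade (hypothetical names)."""
    allow_starttls_fallback: bool = True   # SMTPS failed -> may try SMTP + STARTTLS
    allow_plaintext: bool = False          # STARTTLS not offered -> may send in the clear
    timeout: float = 10.0                  # seconds per connection attempt


class DeliveryFailed(Exception):
    pass


def connect_smtps(host: str, port: int, timeout: float):
    """Implicit TLS: the handshake happens before any SMTP is spoken."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)


def connect_smtp(host: str, port: int, timeout: float) -> Tuple[smtplib.SMTP, bool]:
    """Plaintext SMTP, upgraded via STARTTLS when the server advertises it.
    Returns (session, tls_active)."""
    s = smtplib.SMTP(host, port, timeout=timeout)
    s.ehlo()
    if s.has_extn("starttls"):
        s.starttls(context=ssl.create_default_context())
        s.ehlo()  # capabilities must be re-read after the upgrade
        return s, True
    return s, False


def open_session(host: str, policy: Policy,
                 smtps: Callable = connect_smtps,
                 smtp: Callable = connect_smtp) -> Tuple[str, object]:
    """Try SMTPS first; degrade only as far as policy permits.
    Returns (transport_label, session)."""
    try:
        return "smtps", smtps(host, 465, policy.timeout)
    except (OSError, smtplib.SMTPException) as exc:  # refused, timeout, TLS failure
        if not policy.allow_starttls_fallback:
            raise DeliveryFailed(f"{host}: SMTPS failed ({exc!r}); fallback disallowed")
    try:
        session, tls_active = smtp(host, 25, policy.timeout)
    except (OSError, smtplib.SMTPException) as exc:
        raise DeliveryFailed(f"{host}: SMTP connection failed ({exc!r})")
    if tls_active:
        return "starttls", session
    if policy.allow_plaintext:
        return "plaintext", session
    session.quit()  # never send in the clear unless policy explicitly says so
    raise DeliveryFailed(f"{host}: no TLS offered and plaintext is disallowed")


# --- Constructed stand-ins so the decision logic runs offline (no real MX) ---
class FakeSession:
    def __init__(self):
        self.closed = False

    def quit(self):
        self.closed = True


def _refused(host, port, timeout):
    raise ConnectionRefusedError(f"{host}:{port}")


def _smtps_ok(host, port, timeout):
    return FakeSession()


def _smtp_with_starttls(host, port, timeout):
    return FakeSession(), True


def _smtp_plain_only(host, port, timeout):
    return FakeSession(), False


def demo():
    """Run the fallback ladder against each constructed server shape."""
    mx = "mx.example.test"  # constructed hostname
    results = {}
    results["smtps_up"] = open_session(mx, Policy(), _smtps_ok, _smtp_with_starttls)[0]
    results["smtps_down_starttls"] = open_session(mx, Policy(), _refused, _smtp_with_starttls)[0]
    try:
        open_session(mx, Policy(), _refused, _smtp_plain_only)
        results["no_tls_strict"] = "sent"
    except DeliveryFailed:
        results["no_tls_strict"] = "refused"
    results["no_tls_permissive"] = open_session(
        mx, Policy(allow_plaintext=True), _refused, _smtp_plain_only)[0]
    try:
        open_session(mx, Policy(allow_starttls_fallback=False), _refused, _smtp_with_starttls)
        results["smtps_only"] = "sent"
    except DeliveryFailed:
        results["smtps_only"] = "refused"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} -> {outcome}")
```

The point the ladder makes visible is that every step down is a decision the sender controls: an on-path party can make port 465 look unreachable or strip the STARTTLS capability, so whether that costs confidentiality depends entirely on `allow_starttls_fallback` and `allow_plaintext`, not on anything the receiving domain does. Keeping those two switches explicit in policy (and logging which transport each delivery ended up using) is what lets an operator spot a downgrade that should not have happened.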
