On Fri, May 28, 2010 at 02:35:13PM -0400, Phil Howard wrote:

> On Fri, May 28, 2010 at 14:24, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
> > On Fri, May 28, 2010 at 11:56:15AM -0400, Phil Howard wrote:
> >
> >> I'm not disagreeing with this. I think there should be an SMTPS.
> >
> > Rhetorical question: How would a sending domain know that a particular
> > receiving domain supports SMTPS?
>
> Try it and see. If it fails to connect or times out, and local policy
> and/or message parameters allow this, fall back to SMTP. Specific
> details are probably subject to discussion and maybe standardization.

No. This is a really poor idea. You're not supposed to answer rhetorical
questions, you just risk looking a bit silly...

> > Clearly SMTPS would not be an alternative to SMTP for MX hosts, rather
> > it is only an alternative to port 587+STARTTLS for submission servers.
>
> I don't agree. But it could be argued that SMTP+STARTTLS is
> sufficient for MX. I haven't done the analysis to know if the
> exposure risks in STARTTLS apply to MX or not.

See above.

> And this goes back to the arguments for SMTPS. Is there any
> definitive analysis that says that STARTTLS has risks for submission
> and never can have any for MX?

There is no fundamental need for a second protocol, but Postfix supports
it because legacy clients (that will over the next few years disappear,
since modern Outlook supports STARTTLS) don't support 587 + STARTTLS.

> I guess you need to argue that with Greg. He seems to be more of an
> advocate for that than I am (I don't have the time to do the analysis
> ... though I do have the biased preference to simply move EVERYTHING
> on TCP ... and even SCTP ... over to wrapped TLS).

I don't get into arguments with Greg.

-- 
	Viktor.
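The exchange above turns on one point: whether a sending MTA may "fall back to SMTP" when the encrypted path is unavailable. The following Python simulation, added here as an illustration and not code from the thread or from Postfix, shows why that fallback is the exposure risk rather than a remedy. The EHLO responses are constructed, one honest and one with the STARTTLS keyword removed in transit; the policy names "none", "may" and "encrypt" are borrowed from Postfix's smtp_tls_security_level parameter, but the decision logic is a deliberately simplified stand-in of my own, not Postfix's implementation. The last function models the "try SMTPS, then fall back" proposal the same way: once fallback is permitted, a failed connection on the wrapped-TLS port yields the same plaintext outcome as a stripped STARTTLS offer.

```python
"""Opportunistic vs. mandatory TLS for an SMTP client, simulated offline.

Illustration only: the policy names mirror Postfix's smtp_tls_security_level
values, but the logic below is a simplified model, not Postfix's code.
"""

# Constructed EHLO reply from a server that offers STARTTLS (not a real capture).
EHLO_WITH_STARTTLS = [
    "250-mail.example.test",
    "250-PIPELINING",
    "250-SIZE 10240000",
    "250-STARTTLS",
    "250 8BITMIME",
]

# The same reply as it would arrive if the STARTTLS line were removed on the
# path between the two hosts (constructed). To the client this is
# indistinguishable from a server that never offered TLS at all.
EHLO_STRIPPED = [line for line in EHLO_WITH_STARTTLS if not line.endswith("STARTTLS")]


def parse_ehlo(lines):
    """Return the set of EHLO keywords a server advertised.

    The first line carries the server's hostname; every following line is
    '250-KEYWORD [params]' or, for the final line, '250 KEYWORD [params]'.
    """
    caps = set()
    for line in lines[1:]:
        if not line.startswith("250"):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        keyword = line[4:].split(" ", 1)[0].upper()  # drop '250-' / '250 ' prefix
        caps.add(keyword)
    return caps


def decide(caps, policy):
    """What the client does after EHLO under a given TLS policy.

    'none'    -> never negotiate TLS
    'may'     -> opportunistic: STARTTLS if offered, otherwise plaintext
    'encrypt' -> mandatory: refuse to continue in plaintext
    """
    if policy == "none":
        return "plaintext"
    if "STARTTLS" in caps:
        return "starttls"
    if policy == "may":
        # Silent downgrade: the missing keyword is accepted at face value.
        return "plaintext"
    if policy == "encrypt":
        # The absent keyword violates policy; delivery is deferred instead.
        return "abort"
    raise ValueError(f"unknown policy {policy!r}")


def smtps_with_fallback(wrapped_port_reachable, fallback_allowed):
    """Model of the 'try SMTPS, fall back to SMTP on failure' proposal.

    Implicit TLS has no capability line to strip, but the moment fallback is
    permitted, any connection failure on the wrapped port produces the same
    plaintext result as a stripped STARTTLS offer does under policy 'may'.
    """
    if wrapped_port_reachable:
        return "tls"
    return "plaintext" if fallback_allowed else "abort"


def outcomes():
    """Outcome table: (reply variant, policy) -> client action."""
    table = {}
    for name, reply in (("honest", EHLO_WITH_STARTTLS), ("stripped", EHLO_STRIPPED)):
        caps = parse_ehlo(reply)
        for policy in ("none", "may", "encrypt"):
            table[(name, policy)] = decide(caps, policy)
    return table


if __name__ == "__main__":
    for (variant, policy), action in sorted(outcomes().items()):
        print(f"{variant:8} {policy:8} -> {action}")
    for reachable in (True, False):
        for fallback in (True, False):
            print(f"smtps reachable={reachable!s:5} fallback={fallback!s:5} -> "
                  f"{smtps_with_fallback(reachable, fallback)}")
```

The table the script prints makes the symmetry visible: under "may", the honest and stripped replies end in "starttls" and "plaintext" respectively, with nothing logged to tell the operator which one happened; under "encrypt", the stripped reply ends in "abort", which is the only outcome an operator can notice and investigate. The wrapped-port model reaches the same conclusion from the other direction: the protection comes from refusing to continue, not from which port the TLS handshake starts on.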