On Wed, Apr 23, 2014 at 04:21:14PM +0200, Per Thorsheim wrote:

> RFC3207 says publicly available servers are required to support
> plaintext and fallback to plaintext if cipher negotiations etc fail.

Correct.

> It seems to me as if mailadmins prefer supporting "everything",
> since anything is better than plaintext.

Correct. This is called "opportunistic TLS". For an explanation of why
that's the best possible for SMTP at Internet scale without DNSSEC see
(version may change from 08 at some point):

    http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-08.html#channelsecurity

> On the other side webadmins and crypto people saying that SSLv3, 128 bit,
> 2048 bit key and valid cert should be a minimum.

HTTPS is not SMTP and PKIX TLS is not opportunistic TLS.

> I would really like to hear honest and justified opinions on what
> to consider "good" and "best" practices on this matter.

There's an air of superiority in that question; avoid the temptation to
demand explanations. Better than opportunistic TLS for SMTP requires
DNSSEC + DANE. Have you implemented DNSSEC for your domain? Published
TLSA records? Planning to go to Patrick Koetter's talk at Linuxtag Berlin
on May 10th?

    http://www.linuxtag.org/2014/de/programm/vortragsdetails/?eventid=3111

-- 
	Viktor.
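The distinction Viktor draws above (opportunistic TLS when no TLSA records exist, authenticated TLS when DNSSEC-signed TLSA records do) can be shown as a small policy function. This is an added example, not code from the thread or from any MTA; it assumes the caller already has the peer's DER certificate and SubjectPublicKeyInfo (constructed placeholder bytes below), handles only DANE-EE(3) records, and leaves DNSSEC validation and DANE-TA(2) chain checks to a real implementation.

```python
import hashlib
from typing import List, Tuple

# Constructed stand-ins for the DER blobs a real client would take from the
# server's presented certificate; they are not real certificates.
LEAF_CERT_DER = b"constructed-leaf-certificate-der"
LEAF_SPKI_DER = b"constructed-leaf-subjectpublickeyinfo-der"


def association_data(cert_der: bytes, spki_der: bytes, selector: int, mtype: int) -> bytes:
    """Certificate association data a TLSA record must carry to match this cert.
    selector 0 = full certificate, 1 = SubjectPublicKeyInfo;
    matching type 0 = exact DER, 1 = SHA-256, 2 = SHA-512."""
    blob = cert_der if selector == 0 else spki_der
    if mtype == 0:
        return blob
    if mtype == 1:
        return hashlib.sha256(blob).digest()
    if mtype == 2:
        return hashlib.sha512(blob).digest()
    raise ValueError(f"unknown TLSA matching type {mtype}")


def tlsa_for(cert_der: bytes, spki_der: bytes, usage: int, selector: int, mtype: int) -> str:
    """Presentation-format TLSA RDATA to publish for this certificate (e.g. '3 1 1 <hex>')."""
    return f"{usage} {selector} {mtype} {association_data(cert_der, spki_der, selector, mtype).hex()}"


def parse_tlsa(rr: str) -> Tuple[int, int, int, bytes]:
    """Parse '<usage> <selector> <mtype> <hex>' into its four fields."""
    usage, selector, mtype, data = rr.split(None, 3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(data.replace(" ", ""))


def smtp_tls_policy(tlsa_rrs: List[str], cert_der: bytes, spki_der: bytes) -> str:
    """How an SMTP client should treat the peer's TLS, given its TLSA records (if any)."""
    if not tlsa_rrs:
        # No DNSSEC-signed TLSA records: opportunistic TLS. Encrypt if STARTTLS is
        # offered, do not authenticate the peer; RFC 3207 allows cleartext fallback.
        return "opportunistic"
    for usage, selector, mtype, data in map(parse_tlsa, tlsa_rrs):
        if usage != 3:  # assumption: only DANE-EE(3) is evaluated in this example
            continue
        if association_data(cert_der, spki_der, selector, mtype) == data:
            return "dane-authenticated"
    # TLSA records exist but none matched: authentication failed. A DANE client
    # must not downgrade to unauthenticated TLS or cleartext; it defers delivery.
    return "dane-mismatch"
```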