> On Feb 11, 2018, at 8:26 PM, Harald Koch <c...@pobox.com> wrote:
>
> Is this change in long-standing opinion of the IETF only because existing
> implementations so often ignore STARTTLS, or is there actually a security
> issue with STARTTLS (instead of implicit TLS)?
There is no issue with STARTTLS when it is enforced by the client. Indeed it gives the server an opportunity to evaluate the client IP and respond appropriately in the clear, without having to first perform a TLS handshake. STARTTLS is just fine, especially on port 25, but is also fine on port 587. We might now see more use of port 465, or the status quo may continue largely unchanged.

-- 
Viktor.
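To make "enforced by the client" concrete, here is an added illustration (my own example, not code from Viktor or from any project mentioned in the thread) of a submission client that fails closed: it parses the EHLO reply, refuses to continue if STARTTLS is not advertised rather than falling back to cleartext, upgrades with a certificate-verifying TLS context, and re-issues EHLO after the handshake because the pre-TLS advertisements were received in the clear. The host name `mail.example.net`, the EHLO replies and the `send_enforcing_starttls` function are all constructed for the example; port 587 is the submission port the message refers to.

```python
"""Fail-closed STARTTLS enforcement for an SMTP submission client (added example)."""
import smtplib
import ssl


class StartTlsNotOffered(Exception):
    """Raised when the server's EHLO reply does not advertise STARTTLS."""


def parse_ehlo(ehlo_message: bytes) -> dict:
    """Parse the EHLO reply body as smtplib.SMTP.ehlo() returns it.

    The first line is the server greeting; each following line is an extension
    keyword optionally followed by parameters, e.g. b"SIZE 35882577".
    Returns a mapping of lower-cased keyword -> parameter string.
    """
    lines = ehlo_message.decode("ascii", "replace").splitlines()
    features = {}
    for line in lines[1:]:
        keyword, _, params = line.strip().partition(" ")
        if keyword:
            features[keyword.lower()] = params
    return features


def starttls_offered(features: dict) -> bool:
    """Enforcement decision: an enforcing client proceeds only when this is True.

    An opportunistic client would carry on in cleartext when it is False;
    an enforcing client aborts instead, which is the property Viktor describes.
    """
    return "starttls" in features


def tls_context(cafile=None) -> ssl.SSLContext:
    """Default context verifies the chain and the host name; pin a floor of TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_enforcing_starttls(host, sender, recipient, message, port=587, cafile=None):
    """Deliver one message, refusing to send unless the session is upgraded to TLS.

    Hypothetical helper for illustration; it performs a real network connection.
    """
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        code, msg = smtp.ehlo()
        if code != 250:
            raise smtplib.SMTPHeloError(code, msg)
        if not starttls_offered(parse_ehlo(msg)):
            # Fail closed: no cleartext fallback when STARTTLS is missing.
            raise StartTlsNotOffered(
                f"{host}:{port} did not advertise STARTTLS; refusing to send in the clear"
            )
        # starttls() with a verifying context fails on a bad certificate or host name.
        smtp.starttls(context=tls_context(cafile))
        # Re-issue EHLO: features advertised before TLS were received unauthenticated.
        smtp.ehlo()
        smtp.sendmail(sender, [recipient], message)


# Constructed EHLO replies used to exercise the decision logic offline.
EHLO_WITH_STARTTLS = (
    b"mail.example.net Hello client.example.org\n"
    b"SIZE 35882577\nSTARTTLS\nENHANCEDSTATUSCODES\n8BITMIME"
)
EHLO_WITHOUT_STARTTLS = (
    b"mail.example.net Hello client.example.org\n"
    b"SIZE 35882577\nENHANCEDSTATUSCODES\n8BITMIME"
)


if __name__ == "__main__":
    for label, reply in (("advertised", EHLO_WITH_STARTTLS),
                         ("absent", EHLO_WITHOUT_STARTTLS)):
        verdict = "proceed" if starttls_offered(parse_ehlo(reply)) else "abort"
        print(f"STARTTLS {label}: {verdict}")
```

The decision logic is separated from the network code so it can be checked against captured EHLO replies; `smtplib.SMTP.starttls()` would itself raise `SMTPNotSupportedError` when the extension is missing, but making the check explicit keeps the fail-closed policy visible in the client rather than buried in a library default.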