> On Oct 25, 2018, at 4:26 AM, Daniel Ryšlink <rysl...@dialtelecom.cz> wrote:
>
> The rationale here is that by accepting provenly insecure protocols, one
> provides an illusion of security, which is potentially more dangerous than
> transparently refuse, and fall back to plaintext delivery to preserve the
> functionality (which can create an incentive to upgrade from probably
> obsolete and unsupported software).
With opportunistic TLS there's no "illusion of security", because
there can't be an illusion when nobody is watching. No security
other than against passive monitoring is provided, and none is
expected. No user is interacting with the system to observe any
promise of secure delivery. The usual HTTP attacks are difficult
to apply.
By all means enforce stronger TLS on mandatory channels for submission,
or pre-arranged with business partners, or with DANE, ... But there's
little to be gained by refusing to do TLSv1 with opportunistic clients
or servers, other than perhaps a certain kind of satisfaction...
> "As soon as practicable, MSPs currently supporting Secure Sockets Layer (SSL)
> 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users to TLS 1.1 or later
> and discontinue support for those earlier versions of SSL and TLS." - RFC 8314
The authors of RFCs have all kinds of lofty ideas, not always aligned with
the best interests of the users. Another RFC you might look at is 7435.
--
Viktor.
