Hi,

On Tue, 28 Jul 2015 15:21:54 -0400 micah <[email protected]> wrote:
> I don't understand why both XMPP and SMTP decided to go the route of
> deprecating tls-wrapped options and instead only do STARTTLS. This
> seems like a wrong approach.
>
> Even though 465 was deprecated by the IANA a long time ago, it's still
> widely used for wrapped TLS. In fact, I use it for that purpose
> because I don't want to support a downgrade attack STARTTLS option.

I tried to check whether I could deprecate the old ports on my servers and at some point decided that the deprecation basically is not happening. I don't have the exact versions, but some Outlook version (maybe even the latest) that I didn't expect to be deprecated any time soon only spoke the old ports (not sure if that was for smtp, pop3 or imap).

And I agree: They're basically the better solution. As I don't see anyone *really* deprecating the old ports I decided for myself that I'll just stick with them.

STARTTLS is risky, because there are mail apps out there that will by default use "STARTTLS if available". That means they'll do STARTTLS, but if the server doesn't support it they'll happily fall back to plain text.

It's on my "interesting project I could do at some point"-list to do a check of famous mail client apps how they behave if you configure a starttls connection and then suddenly disable support on the server. If anyone wants to take that project feel free :-)

--
Hanno Böck
http://hboeck.de/

mail/jabber: [email protected]
GPG: BBB51E42
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
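The "STARTTLS if available" fallback described in the message above, next to a fail-closed client policy and the wrapped-TLS alternative on port 465. This is an added example, not part of the original post; the function names, the policy labels and the EHLO replies are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured traffic). The second is what a client
# sees once STARTTLS is no longer advertised on the connection.
EHLO_WITH_TLS = "250-mail.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_NO_TLS = "250-mail.example.org\r\n250-SIZE 35882577\r\n250 8BITMIME"

class StartTLSUnavailable(Exception):
    """Raised instead of silently continuing in plain text."""

def ehlo_extensions(reply):
    """Extension keywords from a multi-line EHLO reply (line 1 is the greeting)."""
    found = set()
    for line in reply.splitlines()[1:]:
        words = line[4:].split()
        if line.startswith("250") and words:
            found.add(words[0].upper())
    return found

def choose_transport(reply, policy):
    """policy is 'opportunistic' (STARTTLS if available) or 'required'."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    if policy == "opportunistic":
        return "plaintext"  # the risky default the message describes
    raise StartTLSUnavailable("STARTTLS not offered; refusing plain text")

def connect_starttls_required(host, port=587):
    """Same fail-closed rule against a live server, using smtplib."""
    conn = smtplib.SMTP(host, port, timeout=10)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.close()
        raise StartTLSUnavailable(host)
    conn.starttls(context=ssl.create_default_context())
    conn.ehlo()  # re-read capabilities inside the TLS session
    return conn

def connect_wrapped(host, port=465):
    """Wrapped TLS: the handshake comes first, so there is nothing to fall back to."""
    return smtplib.SMTP_SSL(host, port, timeout=10,
                            context=ssl.create_default_context())
```
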
