On Fri, 24 Oct 2008, John C Klensin wrote:
>
> (2) Fix it, on the theory that the idea of using SMTP over TLS
> is reasonable but that the specification needs tightening up.
>
> The second is completely consistent with generating a new
> document and trying to advance it to Draft Standard. If that
> were to fail because of the number and nature of changes that
> would be required, we would still have a document to recycle at
> Proposed that, presumably, would be better than what we have
> now, especially given the weaknesses you identify/claim.
>
> Are you suggesting some other course of action?

No, I agree this is the way to go, and I agree with your postscript
too :-) I thought I ought to do a quick brain dump of the major
issues since the topic came up and it's one of my hobby horses.

RFC 3207 works well for message submission, and the improvements I
think it needs are minor. The same is true for explicitly configured
relaying. However I don't know how to address its weaknesses for
inter-domain relaying via MX records. At the same time relaying is
often much less vulnerable to active attack than message submission,
so there seems to me to be less need for TLS in this situation. (I'd
probably have a less sanguine point of view if I had lots of mail
going through a dodgy shared hosting environment...)

Tony.
-- 
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
GERMAN BIGHT HUMBER: WESTERLY BACKING SOUTHWESTERLY 5 TO 7, PERHAPS GALE 8
LATER. MODERATE OR ROUGH, OCCASIONALLY VERY ROUGH. RAIN OR SHOWERS. MODERATE
OR GOOD.
