On Wed, 3 Aug 2022, Grant Taylor via mailop wrote:

On 8/3/22 6:26 AM, Taavi Eomäe via mailop wrote:
Lastly, RFC8314 (re)defines port 465 as implicit TLS SMTP submission port. Implicit TLS is considered a significantly better approach than upgrading connections. Do you support that?

There are times that I question the actual security differences between implicit TLS versus /requiring/ explicit TLS. E.g. configuring the submission port (587) to refuse to do anything without first issuing STARTTLS.

What you mean by "actual security differences" may be significant.

IIUC the "No STARTTLS" people have found that, when connecting a TLS library to application code, allowing connections to be upgraded from clear to encrypted produces many more bugs than just requiring the connection to be secure from the start.

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
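
Added example, not part of the original message or of any mail server's code: a small model of the two setups compared above, a port that refuses everything until STARTTLS (the pre-TLS command list follows RFC 3207) and an implicit-TLS port. It shows the session state an upgrade path has to reset and an implicit-TLS path never has; the class and method names are hypothetical, the handshake is simulated by a flag, and the sample commands are constructed.

```python
# Added illustration with hypothetical names: models only the TLS gate of an
# SMTP submission session (no sockets, no real handshake).
PRE_TLS_ALLOWED = {"EHLO", "NOOP", "QUIT", "STARTTLS"}  # RFC 3207, section 4


class SubmissionSession:
    def __init__(self, implicit_tls):
        self.tls = implicit_tls  # True models port 465: TLS before the first byte
        self.helo = None         # EHLO argument learned from the client
        self.buffer = b""        # bytes received but not yet parsed

    def feed(self, data):
        """Parse complete CRLF-terminated commands; return their reply codes."""
        self.buffer += data
        replies = []
        while b"\r\n" in self.buffer:
            line, self.buffer = self.buffer.split(b"\r\n", 1)
            replies.append(self._command(line.decode("ascii", "replace")))
        return replies

    def _command(self, line):
        verb = line.split(" ", 1)[0].upper()
        if not self.tls and verb not in PRE_TLS_ALLOWED:
            return 530           # must issue STARTTLS first
        if verb == "STARTTLS":
            if self.tls:
                return 503       # already encrypted, nothing to upgrade
            # Upgrade-only bookkeeping, absent from the implicit-TLS path:
            self.buffer = b""    # drop plaintext queued behind STARTTLS
            self.helo = None     # forget what was learned before encryption
            self.tls = True      # stands in for a completed handshake
            return 220
        if verb == "EHLO":
            self.helo = line[5:].strip()
            return 250
        if verb == "NOOP":
            return 250
        if verb == "QUIT":
            return 221
        if self.helo is None:
            return 503           # EHLO required (again, after an upgrade)
        if verb in ("MAIL", "RCPT"):
            return 250
        return 502               # not implemented in this model
```

Omitting either reset line in the STARTTLS branch leaves pre-encryption input influencing the encrypted session; the implicit-TLS session has no such branch to get wrong.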