On 11/01/2018 01:35 PM, Viktor Dukhovni wrote:
On Thu, Nov 01, 2018 at 01:15:04PM -0700, Alice Wonder wrote:

My advice is to accept the current state as a transitional phase to
potentially more secure email in a decade or so from now.


Both opportunistic TLS and DANE secured TLS could still be supported on
Port 25 allowing a staggered adoption until such time that the majority
of mail servers implement it.

Sorry, it can't be turtles all the way down.  Anything that can
reliably signal a mandatory security policy for port 465, can with
less disruption do the same for port 25.  And port 465 is already
taken for SUBMIT, it is NOT an inbound relay port.


Doesn't have to be 465. The point of a different port than 25 is that it makes it easy to keep 25 as the status quo opportunistic for backwards compatibility while phasing in SMTPS that only allows secure connections.

Using a different port allows changes to SMTP that are not backwards compatible with current SMTP to potentially fix other legacy issues, potentially even some that reduce the ability to spam.
