On Mon 2019-01-07 06:42:10 -0800, Alice Wonder wrote:
> If it were up to me, an RFC would be published deprecating opportunistic
> TLS for SMTP.
>
> System administrators would have three years, but after that, TLS 1.3+
> would be required for SMTP.

There is precedent for far-reaching flag days for security and
performance changes in protocols that are not directly user-facing:

 - XMPP manifesto for authenticated TLS on all connections:
   https://github.com/stpeter/manifesto/blob/master/manifesto.txt

 - DNS: requiring authoritative servers to support EDNS queries:
   https://dnsflagday.net/

There's no reason in principle that a well-motivated and well-organized
push for SMTP couldn't have a comparable set of deadlines. But doing so
will take organizing and technical work to coordinate such a transition.

I think the community would welcome that, but figuring out what specific
timeline is plausible; getting affirmative buy-in; setting up adequate
testing and notice; etc, is the real work involved. It won't happen just
by wishing it.

--dkg
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
