Hi Ned,

But we have documented this at this level of detail before now - in RFC 2595
section 7.

Now, I have no objection to adding a sentence to the security considerations
section saying that use of imaps/pops are discouraged and pointing to the
previous text on this issue. But I see little if any value in repeating the
explanation here. And I'll again repeat that if your goal really is to change
existing deployment practices, the only chance you have of doing that is with a
separate document specifically on this point and this point alone.

For what it's worth, RFC 4642 for the STARTTLS command with NNTP
mentions in its introduction:

  In some existing implementations, TCP port 563 has been dedicated to
  NNTP over TLS.  These implementations begin the TLS negotiation
  immediately upon connection and then continue with the initial steps
  of an NNTP session.  This use of TLS on a separate port is
  discouraged for the reasons documented in Section 7 of "Using TLS
  with IMAP, POP3 and ACAP" [TLS-IMAPPOP].

  This specification formalizes the STARTTLS command already in
  occasional use by the installed base.  The STARTTLS command rectifies
  a number of the problems with using a separate port for a "secure"
  protocol variant; it is the preferred way of using TLS with NNTP.

  [TLS-IMAPPOP] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, June 1999.

Same problem.  That behaviour was never documented, but unfortunately
is what is currently usually implemented :-/

--
Julien ÉLIE

« The most effective way to remember your wife's birthday
is to forget it once... » (Nash)
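As an added illustration, not code from this thread or from any NNTP implementation, the following drives the client side of the RFC 4642 STARTTLS exchange that the quoted text prefers over a dedicated TLS port: it refuses to continue in plaintext unless STARTTLS is advertised, expects the 382 reply before handing off to the TLS handshake, and re-queries capabilities afterwards as the RFC requires. The transport is abstracted as file objects so the exchange can be exercised against scripted responses; all function names here are hypothetical.

```python
import ssl

class StartTlsRefused(Exception):
    """Server does not offer, or did not accept, STARTTLS."""

def _read_line(rfile):
    line = rfile.readline()
    if not line:
        raise ConnectionError("connection closed during negotiation")
    return line.decode("utf-8", "replace").rstrip("\r\n")

def _read_multiline(rfile):
    # Dot-terminated block (RFC 3977); a leading ".." is dot-stuffing.
    lines = []
    while (line := _read_line(rfile)) != ".":
        lines.append(line[1:] if line.startswith("..") else line)
    return lines

def capabilities(rfile, wfile):
    """Send CAPABILITIES and return the set of capability labels."""
    wfile.write(b"CAPABILITIES\r\n")
    wfile.flush()
    status = _read_line(rfile)
    if not status.startswith("101"):
        raise StartTlsRefused(f"unexpected CAPABILITIES reply: {status}")
    return {entry.split()[0].upper() for entry in _read_multiline(rfile)}

def tls_upgrade(sock, hostname):
    """Real upgrade step: wrap the plaintext socket in certificate-verified TLS."""
    tls = ssl.create_default_context().wrap_socket(sock, server_hostname=hostname)
    return tls.makefile("rb"), tls.makefile("wb")

def negotiate_starttls(rfile, wfile, upgrade):
    """Drive the RFC 4642 exchange; upgrade() does the TLS handshake and returns the new (rfile, wfile)."""
    greeting = _read_line(rfile)
    if greeting[:3] not in ("200", "201"):
        raise StartTlsRefused(f"bad greeting: {greeting}")
    if "STARTTLS" not in capabilities(rfile, wfile):
        raise StartTlsRefused("STARTTLS not advertised; refusing to continue in plaintext")
    wfile.write(b"STARTTLS\r\n")
    wfile.flush()
    reply = _read_line(rfile)
    if not reply.startswith("382"):
        raise StartTlsRefused(f"STARTTLS rejected: {reply}")
    rfile, wfile = upgrade()
    # RFC 4642: discard what was learned in plaintext and re-query; STARTTLS must no longer be advertised.
    caps = capabilities(rfile, wfile)
    if "STARTTLS" in caps:
        raise StartTlsRefused("STARTTLS still advertised after TLS was established")
    return caps
```

In real use, pass `lambda: tls_upgrade(sock, hostname)` as `upgrade` with `rfile`/`wfile` made from the same plaintext socket.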
_______________________________________________
yam mailing list
https://www.ietf.org/mailman/listinfo/yam