On 07/28/2015 09:21 PM, micah wrote:
> Aaron Zauner <[email protected]> writes:
>
>>> Maybe you should have a look at how many of the servers that support
>>> SMTPS do not support STARTTLS on port 25 (MTA) or 287 (MSA)? Or put
>>> differently: Is there still any valid reason to offer 465? According to
>>> my limited experience there isn't. But OTOH I do not run a big mail
>>> provider.
>>
>> 465 has been deprecated by IANA back a long time ago ('98 if I remember
>> correctly). You should use 587.
>>
>> Implicit TLS is still a better choice than STARTTLS in my opinion
>> (stripping, filtering..).
>
> I don't understand why both XMPP and SMTP decided to go the route of
> deprecating tls-wrapped options and instead only do STARTTLS. This seems
> like a wrong approach.
>
> Even though 465 was deprecated by the IANA a long time ago, it's still
> widely used for wrapped TLS. In fact, I use it for that purpose because
> I don't want to support a downgrade attack STARTTLS option.

In either case you don't know if the other server supports it, in case
you never connected to that particular host. The problem is the same IMHO.

You can ask an authority (DNS or other lists), which server should
support SMTPS or STARTTLS. But then you have the authority problem like
with CAs.

One possibility is to remember what the server supported last time. A
similar approach to CertPatrol. But again that's no real solution.
Implementing/deploying TLS wrappers is easier than STARTTLS, yes

>
> _______________________________________________
> Ach mailing list
> [email protected]
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
> --
> python programming - mail server - photo - video - https://sebix.at
> To verify my cryptographic signature or send me encrypted mails, get my
> key at https://sebix.at/DC9B463B.asc and on public keyservers.
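The "remember what the server supported last time" idea from the reply above, as an added example that is not part of the original thread: a client-side pin store that flags a host which advertised STARTTLS before and no longer does. The names `ehlo_offers_starttls` and `CapabilityPins`, the host names and the EHLO replies are all constructed for illustration; the first-contact case returns no verdict, which is the gap the reply points out.

```python
def ehlo_offers_starttls(ehlo_reply: str) -> bool:
    """Return True if a multi-line 250 EHLO reply advertises STARTTLS."""
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD args" or, for the last one, "250 KEYWORD".
        if len(line) >= 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False


class CapabilityPins:
    """Hypothetical trust-on-first-use store: host -> 'has offered STARTTLS'."""

    def __init__(self):
        self.seen = {}

    def check(self, host: str, ehlo_reply: str) -> str:
        offered = ehlo_offers_starttls(ehlo_reply)
        pinned = self.seen.get(host)
        if pinned is None:
            # Nothing to compare against: a stripped reply on first contact
            # is indistinguishable from a server without TLS.
            self.seen[host] = offered
            return "first-contact"
        if pinned and not offered:
            # Keep the pin; the caller should refuse to continue in plaintext.
            return "downgrade"
        if offered:
            self.seen[host] = True  # a plaintext-only host may upgrade later
        return "ok"


# Constructed sample replies: the same server with and without the STARTTLS line.
FULL = "250-mx.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED = "250-mx.example.org\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    pins = CapabilityPins()
    for reply in (FULL, FULL, STRIPPED):
        print(pins.check("mx.example.org", reply))
```
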
