On Fri, Sep 5, 2014 at 5:25 PM, Viktor Dukhovni <[email protected]> wrote:
> On Fri, Sep 05, 2014 at 08:27:12PM +0200, Steffen Nurpmeso wrote:
>
>> I don't know how many messages are sent over SMTP each day, but it
>> would be interesting to know how much energy all those useless
>> roundtrip packets consume which are necessary to upgrade
>> an SMTP session via STARTTLS, and how many percent of those
>> connections could also instantiate a non-existent SMTPS instead,
>> not requiring these upgrades.
>
> SMTP is not that latency sensitive.  Because SMTP starts in cleartext,
> servers can and do refuse to STARTTLS with clients they are going
> to reject due to poor IP reputation.
>
> There are other advantages.  For example, the server learns the
> client's EHLO name before TLS, allowing it to base TLS policy (like
> requests for the client certificate) on the client's EHLO name.
> And of course clients that fail to interoperably negotiate TLS can
> fall back to cleartext.
>
> All told, STARTTLS is a good fit for SMTP, which unlike HTTP is
> not nearly as sensitive to latency.

Very good points and points that designers of DNS privacy approaches
would do well to bear in mind. Any protocol that has a server performing a
public key transaction without any form of authentication on the
request is going to end up being killed by DoS.

So the trick is to pull the authentication out of the DNS query loop
so it can be amortized.

_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail
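The ordering argument in the quoted reply (the server sees the client's IP and EHLO name in cleartext before it commits to any public-key work, so it can refuse or tailor STARTTLS, and a client that cannot negotiate TLS can fall back to cleartext) is easy to see in a toy model of the dialogue. The following is an added example, written for this page and not taken from the thread or from any MTA; the policy tables, host names and the traffic sample are constructed for illustration, and "handshakes" simply counts how many key exchanges each design would begin on the same stream of connections.

```python
"""
Toy model of the cleartext phase of an SMTP session, showing why the order
of operations in STARTTLS matters: the server learns the client IP and EHLO
name before it starts any public-key work, and can refuse or tailor TLS
accordingly. An implicit-TLS (SMTPS-style) listener pays for the key
exchange first and learns about the client afterwards.
"""
from dataclasses import dataclass

# Constructed sample policy data (assumed for this example, not from the thread).
BAD_IPS = {"203.0.113.7", "203.0.113.9"}        # poor reputation; RFC 5737 doc range
CERT_REQUIRED_EHLO = {"mx.partner.example"}     # EHLO names that get a client-cert request


@dataclass
class Connection:
    client_ip: str
    ehlo_name: str
    supports_tls: bool = True        # client will send STARTTLS if it is offered
    negotiation_fails: bool = False  # handshake starts but never completes


def starttls_session(conn: Connection) -> tuple[list[str], str, int]:
    """Run the SMTP dialogue up to and including the STARTTLS decision.

    Returns (transcript, outcome, handshakes). `handshakes` counts key
    exchanges the server actually began, i.e. the cost a flood of junk
    connections imposes on it.
    """
    t: list[str] = []

    def srv(line: str) -> None:
        t.append("S: " + line)

    def cli(line: str) -> None:
        t.append("C: " + line)

    srv("220 mail.example.com ESMTP")
    cli(f"EHLO {conn.ehlo_name}")
    reputable = conn.client_ip not in BAD_IPS

    # Capability list: STARTTLS is advertised only to clients the server
    # would not reject anyway, so no handshake is ever spent on them.
    srv("250-mail.example.com")
    if reputable:
        srv("250-STARTTLS")
    srv("250 8BITMIME")

    if not reputable:
        cli("MAIL FROM:<sender@example.net>")
        srv("554 5.7.1 Client host rejected: poor IP reputation")
        return t, "rejected", 0

    if not conn.supports_tls:
        cli("MAIL FROM:<sender@example.net>")
        srv("250 2.1.0 Ok")
        return t, "cleartext", 0

    cli("STARTTLS")
    srv("220 2.0.0 Ready to start TLS")
    handshakes = 1  # public-key work begins here, after the cheap checks

    if conn.negotiation_fails:
        # Opportunistic TLS: a client that cannot complete the handshake may
        # reconnect and deliver in cleartext rather than fail outright.
        cli("(TLS handshake fails; client reconnects without STARTTLS)")
        srv("250 2.1.0 Ok")
        return t, "cleartext-fallback", handshakes

    # TLS policy is chosen from the EHLO name already learned in cleartext.
    if conn.ehlo_name in CERT_REQUIRED_EHLO:
        return t, "tls+client-cert", handshakes
    return t, "tls", handshakes


def smtps_session(conn: Connection) -> tuple[str, int]:
    """Implicit TLS: the handshake precedes the first SMTP byte, so the
    server pays for the key exchange before it learns who is connecting."""
    if not conn.supports_tls:
        return "no-connection", 0       # a TLS-less client cannot connect at all
    if conn.negotiation_fails:
        return "failed", 1
    if conn.client_ip in BAD_IPS:
        return "rejected", 1            # rejected, but only after the handshake
    return "tls", 1


def handshake_cost(connections: list[Connection]) -> dict[str, int]:
    """Key exchanges each design spends on the same stream of connections."""
    return {
        "starttls": sum(starttls_session(c)[2] for c in connections),
        "smtps": sum(smtps_session(c)[1] for c in connections),
    }


# Constructed traffic sample: two legitimate peers, one legacy client, one
# client with broken TLS, and a burst of connections from a bad-reputation host.
SAMPLE_TRAFFIC = [
    Connection("192.0.2.10", "mx.partner.example"),
    Connection("192.0.2.11", "mail.friend.example"),
    Connection("192.0.2.12", "legacy.example", supports_tls=False),
    Connection("192.0.2.13", "broken-tls.example", negotiation_fails=True),
] + [Connection("203.0.113.7", f"bot{i}.invalid") for i in range(20)]

if __name__ == "__main__":
    for line in starttls_session(SAMPLE_TRAFFIC[0])[0]:
        print(line)
    print(handshake_cost(SAMPLE_TRAFFIC))
```

On the constructed sample the STARTTLS server begins three handshakes (two good peers plus the client whose negotiation fails), while the implicit-TLS server begins twenty-three, because it cannot tell the bad-reputation burst apart from anyone else until after the key exchange. The numbers are illustrative only; the point is the position of the cheap check relative to the expensive one.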
