On Thu, 2015-06-25 at 13:25 -0700, Brandon Long wrote:
> We haven't implemented it yet, though we expect to in the near future.

Does this mean that Google will then refuse to deliver mail to sites that:

1) advertise starttls in response to ehlo, and
2) have a 512-bit DH key?

That seems to be implied by "we (google) stopped falling back to unencrypted connections..."

In this, as in so much else in life, the behavior of the giants (Google, Microsoft, etc.) will determine what is acceptable regarding delivery to such sites.

If we need to automatically fall back to an unencrypted connection (ignoring the starttls offer from the server), users of sendmail will need to script something to automatically add entries to their access file. The current sendmail does not have any built-in support for such a fallback.

If Google will refuse to deliver mail to such sites, that will remove any pressure on sendmail and its users to implement such an automatic fallback scheme. The burden is then entirely on those old receivers to upgrade their DH keys. This is the outcome that I would prefer.

_______________________________________________
mailop mailing list
[email protected]
http://chilli.nosignal.org/mailman/listinfo/mailop
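The scripted fallback described in the message above could look like the following. This is an added example, not part of the original post and not code from sendmail. It assumes sendmail's `Try_TLS:<host> NO` access-map entry as the way to skip STARTTLS for one peer and log lines in the constructed layout shown; the function names are hypothetical.

```python
import re

# Constructed sample lines. The layout is an assumption modelled on sendmail's
# tls_server ruleset rejections, not output captured from a real host.
SAMPLE_LOG = """\
Jun 25 13:40:01 mx sendmail[4111]: t5PKe1aa004111: ruleset=tls_server, arg1=SOFTWARE, relay=mail.old.example, reject=403 4.7.0 TLS handshake failed.
Jun 25 13:41:17 mx sendmail[4120]: t5PKfGbb004120: to=<u@ok.example>, relay=mx.ok.example. [192.0.2.10], dsn=2.0.0, stat=Sent
Jun 25 13:55:09 mx sendmail[4188]: t5PKt8cc004188: ruleset=tls_server, arg1=SOFTWARE, relay=mail.old.example, reject=403 4.7.0 TLS handshake failed.
Jun 25 14:02:44 mx sendmail[4203]: t5PL2idd004203: ruleset=tls_server, arg1=SOFTWARE, relay=MX.Legacy.Example., reject=403 4.7.0 TLS handshake failed.
"""

FAILED = re.compile(r"ruleset=tls_server, arg1=SOFTWARE, relay=(?P<relay>[^\s,\[]+).*TLS handshake failed")
HOSTNAME = re.compile(r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")


def failing_relays(log_text, min_failures=1):
    """Return sorted relay names with at least min_failures handshake failures."""
    counts = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        host = m.group("relay").rstrip(".").lower()
        # The relay name comes from DNS; never write it to a map unchecked.
        if HOSTNAME.match(host):
            counts[host] = counts.get(host, 0) + 1
    return sorted(h for h, n in counts.items() if n >= min_failures)


def new_access_entries(log_text, existing_access, min_failures=1):
    """Build Try_TLS lines for failing relays not already in the access file."""
    existing = set()
    for line in existing_access.splitlines():
        fields = line.split()
        if fields and fields[0].lower().startswith("try_tls:"):
            existing.add(fields[0][len("try_tls:"):].lower())
    return [f"Try_TLS:{h}\tNO"
            for h in failing_relays(log_text, min_failures) if h not in existing]


if __name__ == "__main__":
    print("\n".join(new_access_entries(SAMPLE_LOG, "Try_TLS:mx.legacy.example\tNO\n")))
```

The returned lines still have to be appended to the access file and the map rebuilt. Each entry means mail to that host travels unencrypted, so raising `min_failures` and reviewing the list before applying it keeps the exceptions narrow.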
