Brandon Long wrote:
> On Tue, Jun 30, 2015 at 8:12 AM, Hugo Slabbert <[email protected]> wrote:
>
> > On Tue 2015-Jun-30 01:04:48 +0200, Michelle Sullivan
> > <[email protected]> wrote:
> >
> > > > That said, so far today, only 0.015% of our outbound messages that
> > > > were over an encrypted link were using SSLv3. At our volume, that's
> > > > not nothing, unfortunately, but it's a pretty small amount to allow to
> > > > continue to allow the possibility of breaking the rest. TLSv1 is
> > > > still about 5%, way too high to deprecate at this point.
> > > >
> > > > Inbound is 0.1% at SSLv3, 37% at TLSv1.
> > >
> > > So +60% is unencrypted inbound... because it has to be or because it is
> > > not forced otherwise... that is the burning question. You policy
> > > Encrypted or nothing and it'll be interesting how many cope and how many
> > > don't...
> >
> > Just to be clear: It sounds like you're talking about a scenario
> > where Google would require TLS inbound and possibly outbound and
> > refusing *any* cleartext delivery. Is that right? Correct me if
> > I'm wrong, but I don't believe Brandon's said anything to that
> > effect. Any discussion so far has been about "if STARTTLS && (
> > DHE -le 512 ) then disconnect", possibly/probably with DANE in the
> > mix as well and refusing to fall back to clear if STARTTLS is
> > initiated but fails to negotiate, but nothing about refusing *all*
> > cleartext SMTP from the get-go,
>
> Yes, we're a long ways away from requiring encryption for gmail.com
> or probably even google.com.

Then I apologize as I got the wrong impression/mis-read previous emails.

Michelle

--
Michelle Sullivan
http://www.mhix.org/

_______________________________________________
mailop mailing list
[email protected]
http://chilli.nosignal.org/mailman/listinfo/mailop
