Firefox does not speak MTA, so you are talking about a completely
different problem. MTA is oportunistic TLS, web is required TLS.
Are equivalencies a bad thing though? I'm talking about a general
acceptance of the idea that a user should not be given a false sense of
security by being presented with confirmation of a secure connection
when it isn't secure. I shouldn't have to hold back from using similar
situations in illustrations simply because they're not a 1:1 match in
irrelevant ways. The relevancy as pointed out in my words remains,
stripping end users from any connection to the technical details of a
mail server is to be completely ignorant of the exceptional growth of
individual mail server administrators who need guidance and rely on a
sane industry to perform sane activities around them. Telling them "no"
when it isn't sane to tell them yes is sane behavior. If it isn't, then
telling any end user anywhere at any time using any application "no"
instead of "You have a secure connection" under any any every
circumstance including ones in which the connection is in fact not
secure, would be equally as insane regardless of their choice in
protocol.
The government wire tapping the upstream provider to catch your packets
isn't going to say "Oh this is SMTP, I'm not supposed to touch it."
There's no universal bro code to leave SMTP alone and only spy on HTTP
activity.
On 2022-08-03 16:02, Bastian Blank via mailop wrote:
On Wed, Aug 03, 2022 at 03:05:43PM -0500, Jarland Donnell via mailop
wrote:
> You clearly see what TLS version and what ciphers were used. So you know
> if
> it was "secure" in your opinion or not.
I don't understand why Firefox did this:
https://hacks.mozilla.org/2019/05/tls-1-0-and-1-1-removal-update/
Firefox does not speak MTA, so you are talking about a completely
different problem. MTA is oportunistic TLS, web is required TLS.
Bastian
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
