It appears that Brotman, Alex via mailop <alex_brot...@comcast.com> said: >-=-=-=-=-=- >-=-=-=-=-=- >One of the things I find interesting here is that the question is whether to >disable the protocol version. >We’re not limited to just enable/disable for those versions to get the >attention of the sender (assuming >they’d even notice if they were going clear-text). A receiver could also >impact them by limiting the number >of messages per session, tarpit the sessions, number of messages per >$time-period, or place the messages in the >spam folder, etc. Could we name-and-shame for larger entities? ...
If my logs are at all typical, there are no large entities still using TLS 1.0. I see a lot of spambots, some compromised VPS at the usual suspects like OVH, one well-known IETFer who knows that he needs to update his mail server, and Team Cymru who should be embarassed. While I don't think turning off TLS 1.0 would solve any real problems, I also don't think it would cause much damage. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
