On Sat, Jan 09, 2016 at 10:19:07AM -0430, Alberto Mijares wrote:
> > I think the approach reyk took with httpd, supporting only TLSv1.2 by
> > default is the correct one. If people insist on shooting a hole in their
> > security foot to support obsolete clients and organizations with crap
> > security like Discover.com and Paypal.com, so be it, give them a knob to do
> > so, but don't let them do it unknowingly.
> >
> > [1] https://www.mail-archive.com/misc%40opensmtpd.org/msg02326.html
> >
>
> I second that motion. Just for the record.
>

This is not realistic, we're not in the same situation as httpd at all
and while someone can easily resubmit a request to httpd, mails which were
incoming and that we could not handle may not necessarily be resubmitted,
which will cause data loss for users.

We're pushing for more crypto but there's no way we'll simply go the way
of breaking everyone's communication because we think they should not be
exchanging mail with people running servers WE consider outdated.

However an idea has been floating which will make you happy while not
being too harsh for the regular users. I'm giving the idea some thinking
right now so I can come up with a nice diff soon.

--
Gilles Chehade
https://www.poolp.org @poolpOrg
