Yeah, this is what I would suggest as well, especially for SMTP. There are a host of operational problems with attempting to vary the port.
Eliot

On 11/24/15 11:41 PM, Ted Hardie wrote:
> On Tue, Nov 24, 2015 at 2:23 PM, Ted Lemon <[email protected] <mailto:[email protected]>> wrote:
>
> > Tuesday, Nov 24, 2015 4:25 PM Eliot Lear wrote:
> > > What benefit would this add to the average user?
> >
> > It's the germ of an interesting idea. The theory would be that a
> > sniffer at the backbone would have to listen to all traffic, not
> > just traffic on port 25.
>
> I don't think that's quite right. A port-specific sniffer would have
> to know what SMTP port was correct for a specific domain. Depending
> on the TTL of the record, that might turn into a table lookup for
> setting the sniffers rather than listening to all traffic.
>
> That said, I rather suspect that listening to all traffic is pretty
> much in the program of most signals intelligence agencies anyway,
> because the ephemeral ports can be used by VoIP and other media
> traffic. DPI on that would tell you which ones were SMTP and which
> others pretty rapidly.
>
> > However, it's not as good as SMTP+TLS, and has the same adoption
> > problem, plus SMTP+TLS has a _big_ head start, so it's probably
> > better to concentrate our efforts on making that work even better.
>
> Yes, focusing on getting encryption underneath it seems like a
> better use of energy; at most, port shifting is minor security through
> obscurity, and that doesn't tend to give you a lot of bang for your buck.
>
> Just my two cents,
>
> Ted
>
> > --
> > Sent from Whiteout Mail - https://whiteout.io
> >
> > My PGP key: https://keys.whiteout.io/[email protected]
>
> _______________________________________________
> perpass mailing list
> [email protected] <mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/perpass
