On 01 Nov 2018, at 13:48, Alice Wonder <al...@domblogger.net> wrote: > Opportunistic TLS is a concept I do not like. DANE fixes the issues for > system admins willing to implement DNSSEC and add a TLSA record but it seems > many are not, so MTA-STS was invented. > > MTA-STS has the same flaw as opportunistic TLS. It uses an insecure channel > to determine if it should use a secure channel.
Since the MTA tp MTA communication does not involve secure information like logins, passwords, etc, there is no issue with either opportunistic TLS nor with using an insecure channel to determine if security should be used. After all, if the encryption fails, the mail is sent in the clear. -- It was a fifty-four with a mashed up door and a cheesy little amp with a sign on the front said "Fender Champ" and a second-hand guitar it was a Stratocaster with a whammy bar
