On 3/5/19 12:23 PM, Maxim Dounin wrote:
> Not sure it is a good change.

Thank you for your detailed reply and explanation. I agree with you on all facets with respect to RFC compliance. I believe the core issue at hand is the antiquated language in the current RFC conflicting with common practice -- several final destination MTAs on the public Internet, depending on their role/use, do require and enforce TLS communication only either on a per-sender, per-recipient, or per-server basis. That said, your rationale for rejecting the patch is accurate and mirrors a similar one expressed in Postfix at www.postfix.org/postconf.5.html#smtpd_tls_security_level regarding 'encrypt'.

If you find the proposed patch satisfactory from a technical aspect, I will commit the patch locally for a specific use case which would fall under the category of 'dedicated servers'.

For your consideration, perhaps a configuration option of:

    starttls dedicated;

with the proposed patch would meet both a use case and RFC requirement aspect.

Thanks,
Nathan
