On March 13, 2016 at 10:32:03, Aaron Zauner ([email protected]) wrote:

Hi,

Excellent to see that there's renewed progress with this (important) document!

I will be looking over the document again in the next few days a couple of times. I've just reviewed the diff and this came to mind: Appendix A documents use of port 465 pretty well. It should be noted that there's a document that deprecates use of this port, but IETF/crypto-protocol-security discussion over the last years has shown clearly that in-band upgrade is not the way to go; hence STARTTLS and ports registered for its use should continue to be used, but a paragraph might be added that use of port 465 (and thus implicit TLS as opposed to STARTTLS) is preferred. We don't get (strippable) in-band upgrade.

It should also be noted that - in the current state of SMTP deployments at least - this port usually serves certificates that are not officially signed by certificate authorities, and are, quite often, broken in some sense: wrong/bad common name, strange extension fields and sometimes broken character-set induced problems in certificates.

Thanks for working on this again,
Aaron

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
