But why do you think creating an out-of-band verification channel and separate port is going to work for this? There is plenty of local policy available as well to mandate that TLS be negotiated with a set of allowed ciphers and prohibit others.

--srs

________________________________
From: NANOG <nanog-bounces@nanog.org> on behalf of Viruthagiri Thirumavalavan <giri@dombox.org>
Sent: Saturday, January 12, 2019 7:43 AM
To: Doug Royer
Cc: nanog@nanog.org
Subject: Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

Hello Doug, it's happening in ietf-smtp. This is my first proposal, so I haven't created the I-D yet. I'm not sure how to create one. That's why I published my proposal on Medium. Please see the Medium link I posted earlier.

Thanks.

On Sat, Jan 12, 2019, 6:46 AM Doug Royer <douglasroyer@gmail.com> wrote:

On 1/11/19 10:38 AM, Viruthagiri Thirumavalavan wrote:
Hello NANOG, Belated new year wishes.
I would like to gather some feedback from you all.
I'm trying to propose two things to the Internet Standard, and they're related to SMTP.
(1) STARTTLS downgrade protection in a dead simple way
(2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.
I posted my proposal in the IETF mailing list. I got very good feedback there. Some support my proposal. Many are against it.
What is the IETF draft name? Which IETF mailing list did this discussion happen on?

--
Doug Royer - (http://DougRoyer.US http://goo.gl/yrxJTu )
DouglasRoyer@gmail.com
714-989-6135