On 12 Jan. 2019 at 8:44, Viruthagiri Thirumavalavan <giri@dombox.org> wrote:

> Pros of introducing Implicit TLS:
> + Falls under Best Practices
> + Seems like it's what the world wants.
None of the above is really a technical argument within standards process. The world wants emojis in domain names, so what?
> + Sets an early date to deprecate Opportunistic TLS in the future.
There's nothing bad in opportunistic TLS per se, and no reason to deprecate it. The real problem is the (absent) downgrade resistance: SMTP in cleartext is historically the default, and there's no tool to reliably advertise to *everyone* on the Internet that your particular SMTP server is not obsolete. Also, TOFU is similarly unreliable for that matter and too opaque for troubleshooting. None of the issues above are solved by adding yet another port to the already overblown e-mail port bundle. In fact, implicit TLS still has some advantages over the explicit version (e.g. 0-RTT) that you've missed, but they are of questionable profit for e-mail.

-- 
Töma