12 Jan
2019
12 Jan
'19
10:53 a.m.
On 1/11/19 9:38 AM, Viruthagiri Thirumavalavan wrote:
Hello NANOG, Belated new year wishes.
I would like to gather some feedback from you all.
I'm trying to propose two things to the Internet Standard and it's related to SMTP.
(1) STARTTLS downgrade protection in a dead simple way
(2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.
Why would anyone need this when you can just set an option in most (all modern?) SMTP servers to refuse clear connections if you want to force TLS at all times?