Most new MTA implementations over the past several years default to TLS with strong ciphers. So how much of a problem is low or no TLS right now? How much more of a problem will it be over the next year or two as older hardware is retired and new servers + software deployed, or as is more likely, people move their mail to cloud services that already do support strong ciphers for TLS? How worth solving is rhe problem - what is the return for all this effort? --srs ________________________________ From: NANOG <nanog-bounces+ops.lists=gmail.com@nanog.org> on behalf of Viruthagiri Thirumavalavan <giri@dombox.org> Sent: Saturday, January 12, 2019 9:21 AM To: nanog@nanog.org Subject: Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] If you all think my prefix proposal have some merits, it still paves the way for future smtps proposals. So I have no issues with killing smtps part of my proposal. As for signalling, I'm not sure whether moving the signalling part to another record type is a good idea. Because my signalling proposal is flawed without DNSSEC as Brandon Martin pointed out. So if we move the signalling part to another record type, then we may have to deal with multiple record set signatures. Also there is one more configuration for the end user. But i'm open for suggestions. To the person who trolled me. I'm here to have some intellectual conversation. So please stop trolling me. You are an engineer. So don't behave like a teen in youtube comments section. I'm proposing these stuffs, so the world can benefit something. By trolling me, you are just killing that. To everyone else, please go easy on me. If I'm little off on something, please forgive my ignorance. The reason I'm here is because you all know these stuffs better than me. I'm here to get some feedback. If you all think opening a new port is waste of time, I'm ok with that. But if you see some benefits on Implicit TLS over Opportunistic TLS, please point that out too. Thank you for your time.