nanog mailing list archives

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

From: Viruthagiri Thirumavalavan <giri () dombox org>
Date: Sat, 12 Jan 2019 21:44:13 +0530

Hi Seth,

My solution is intended for clients. A client should decide whether to
transmit mails in clear text or not.

In other words, the server can accept mails in clear text. The prefix
informs the client, that the server supports TLS.

A client that knows what "starttls-" prefix stands for, would come to know
downgrade attacks if the STARTTLS command not found in EHLO response.

If I force the server to accept only TLS, then that's not backward
compatible.

Thanks

On Sat, Jan 12, 2019 at 9:24 PM Seth Mattinen <sethm () rollernet us> wrote:

On 1/11/19 9:38 AM, Viruthagiri Thirumavalavan wrote:

Hello NANOG, Belated new year wishes.

I would like to gather some feedback from you all.

I'm trying to propose two things to the Internet Standard and it's
related to SMTP.

(1) STARTTLS downgrade protection in a dead simple way

(2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.



Why would anyone need this when you can just set an option in most (all
modern?) SMTP servers to refuse clear connections if you want to force
TLS at all times?



-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.

Current thread:

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request], (continued)
- - - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Töma Gavrichenkov (Jan 12)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 12)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Robert Blayzor (Jan 14)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 14)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Constantine A. Murenin (Jan 11)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Suresh Ramasubramanian (Jan 11)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Constantine A. Murenin (Jan 11)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Tom Beecher (Jan 14)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Constantine A. Murenin (Jan 11)
- Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Seth Mattinen (Jan 12)
  - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 12)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] James Downs (Jan 12)
    - Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 12)
- Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] John Levine (Jan 12)
  - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 12)
    - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Brian Kantor (Jan 12)
    - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 12)
    - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Eric Tykwinski (Jan 12)
    - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] valdis . kletnieks (Jan 12)
    - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Viruthagiri Thirumavalavan (Jan 12)
    - Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request] Töma Gavrichenkov (Jan 12)

(Thread continues...)