Re: [Uta] What's the right thing to do about Port 465?
Keith Moore <moore@network-heretics.com> Mon, 10 March 2014 16:01 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/dHSIztACGfC63ihvD6L1u9coQRk

On 03/10/2014 10:32 AM, Tony Finch wrote:
> Keith Moore <moore@network-heretics.com> wrote:
>> So is the right thing to do:
>>
>> a) Recommend port 465 anyway, but document the problem with these routers?
> The current use of port 465 for message submission should be documented,
> but MUAs should be recommended to use STARTTLS on port 587 instead. They
> are generally following this recommendation already.

I would actually like to discourage use of cleartext ports and STARTTLS. I believe the desirable end-state for all email protocols is to always use Implicit TLS; which is both simpler and more secure.

Clearly both clients and servers will still need to be configurable to support port 587 and STARTTLS for some time for interop with legacy servers and clients, respectively, but I think this should be phased out over time, and the standard / "MUST implement" practice should be Implicit TLS on a well-known port.

Keith