+++ Matthew Byng-Maddick [exim-users] <27/12/01 22:51 +0000>:
> My argument is that, just because a host says in the EHLO banner line
> 250-STARTTLS that you shouldn't assume you can do TLS to it. The reason
> for this is that TLS includes all sorts of other requirements which cannot
> be communicated in-band in SMTP, for example client certificates. Therefore
> an outbound mailer *SHOULD NOT* be configured to do TLS to any host that
> advertises the STARTTLS feature.
I disagree. You mean that
1. Either your host should be psychic
or
2. You compile an (ever growing) list of hosts to which you _should_ do TLS
Simpler to specifically exempt those which do offer STARTTLS but implement it
brokenly, as exim does now.
> Your argument, that any host which advertises TLS should allow me to
> establish a TLS connection is rather like saying "just because a host
> allows me to do SMTP AUTH, I should send it my username and password,
> just in case".
So, taking that argument ahead, even if a host advertises ESMTP in its
banner, you'd send a HELO and talk SMTP to it?
-srs
--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
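The policy Suresh describes (always send EHLO, try STARTTLS whenever it is
advertised, and keep a short exemption list for hosts that advertise it but
implement it brokenly) is easy to state precisely in code. The following is an
added example, not code from the original post and not Exim's own source; the
server transcripts, host names and the FakeServer/negotiate helpers are all
constructed here for illustration. It parses RFC 2821 multi-line replies
properly, falls back from EHLO to HELO on a 5xx (so the 220 banner is never
used to guess capabilities), applies an avoid-list, and treats a 454 on
STARTTLS as "continue in the clear this time".

```python
"""Outbound SMTP: decide when to attempt STARTTLS (constructed example)."""
from fnmatch import fnmatch


def parse_reply(lines):
    """Parse one (possibly multi-line) SMTP reply as in RFC 2821 section 4.2.

    Continuation lines are "NNN-", the final line is "NNN ".  Returns
    (code, [text after the separator]).  Anything else raises ValueError,
    which is the right reaction to a peer that cannot even get replies right.
    """
    code, texts = None, []
    for line in lines:
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "- ":
            raise ValueError("malformed reply line: %r" % line)
        if code is None:
            code = line[:3]
        elif line[:3] != code:
            raise ValueError("inconsistent reply codes in %r" % (lines,))
        texts.append(line[4:])
        if line[3] == " ":
            return code, texts
    raise ValueError("reply not terminated: %r" % (lines,))


def ehlo_keywords(texts):
    """EHLO keyword -> parameters; the first text line is domain + greeting."""
    keys = {}
    for text in texts[1:]:
        parts = text.split()
        if parts:
            keys[parts[0].upper()] = parts[1:]
    return keys


def host_avoids_tls(host, avoid_patterns):
    """True if host matches any wildcard pattern on the exemption list."""
    return any(fnmatch(host.lower(), pat.lower()) for pat in avoid_patterns)


class FakeServer:
    """Scripted peer for offline testing: banner plus replies keyed by verb."""

    def __init__(self, banner, replies):
        self.banner = banner
        self.replies = replies

    def send(self, verb):
        return self.replies.get(verb, ["500 Command not recognized"])


def negotiate(host, server, avoid_patterns=()):
    """Return the level reached before MAIL FROM: 'tls', 'plain' or 'refused'."""
    code, _ = parse_reply([server.banner])
    if code != "220":
        return "refused"
    # Always try EHLO first; a 5xx means an old server, so fall back to HELO.
    code, texts = parse_reply(server.send("EHLO"))
    if code != "250":
        code, _ = parse_reply(server.send("HELO"))
        return "plain" if code == "250" else "refused"
    keys = ehlo_keywords(texts)
    if "STARTTLS" not in keys or host_avoids_tls(host, avoid_patterns):
        return "plain"
    code, _ = parse_reply(server.send("STARTTLS"))
    if code == "220":
        return "tls"  # the TLS handshake would start here
    # 454 (RFC 2487: TLS temporarily unavailable) or other failure: go clear.
    return "plain"


# Constructed transcripts; none of these hosts or replies come from the post.
SERVERS = {
    "mail.example.org": FakeServer("220 mail.example.org ESMTP", {
        "EHLO": ["250-mail.example.org Hello", "250-SIZE 52428800",
                 "250-STARTTLS", "250 HELP"],
        "STARTTLS": ["220 TLS go ahead"],
    }),
    "broken.example.net": FakeServer("220 broken.example.net ESMTP", {
        "EHLO": ["250-broken.example.net Hello", "250-STARTTLS", "250 HELP"],
        "STARTTLS": ["454 TLS not available due to temporary reason"],
    }),
    "legacy.example.com": FakeServer("220 legacy.example.com SMTP", {
        "HELO": ["250 legacy.example.com"],
    }),
}

AVOID_TLS = ["*.example.net"]  # hypothetical exemption list


def summary(avoid=AVOID_TLS):
    return {host: negotiate(host, srv, avoid) for host, srv in SERVERS.items()}


if __name__ == "__main__":
    for host, level in summary().items():
        print("%-22s %s" % (host, level))
```

Run with no exemption list and broken.example.net still ends up in the clear,
only after a wasted STARTTLS round trip; with the list it never tries. Either
way nothing is guessed from the banner, which is the point of the reply above.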