Author: Kjetil Torgrim Homme
Date:
To: Bill Hacker
CC: exim
Subject: Re: [exim] Setup for authenticated submission

On Wed, 2006-01-18 at 23:33 +0800, Bill Hacker wrote:
> Kjetil Torgrim Homme wrote:
> > uh. this doesn't make any sense. port 587 is to be used for
> > authenticated SMTP. it should start out unencrypted.
>
> Why should it not be encrypted from the outset?
> 'Coz there are inflexible MUA's? Easily fixed.
there were no Internet standards starting in encrypted mode until the
publication of SSH as RFC 4250..4256. so this month, this piece of
trivia changed, but it didn't change the philosophy of IETF in the
design of Internet protocols. LDAP, IMAP, SMTP, etc. etc -- it all
starts unencrypted and negotiates afterwards.
> > what happens
> > after initial EHLO handshake will depend on negotiations between server
> > and client.
>
> Only if you do not want it to begin life in an SSL 'tunnel'. We do.
fair enough, but this is at odds with Internet standards.
> > it is NOT required to use STARTTLS, many prefer to use
> > CRAM-MD5 or similar schemes which aren't vulnerable to sniffing.
>
> How, pray tell, is the known-long-ago-compromised MD5 less 'vulnerable'
> than the current higher-level releases of SSL/TLS?
I didn't make such a claim. (and CRAM-MD5 is not compromised by MD5
collision attacks, anyway.)
--
Kjetil T.
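The CRAM-MD5 exchange the thread refers to, shown end to end as an added example (this is illustrative code written for this page, not Exim's implementation or anything posted in the thread). It follows RFC 2195: the server sends a fresh challenge, the client answers with its username and an HMAC-MD5 of the challenge keyed with the password, and the server recomputes the digest from its stored secret. The hostname, username and password are constructed for the example.

```python
"""Added example: minimal CRAM-MD5 (RFC 2195) round trip as used by SMTP
AUTH on the submission port, including the server-side check.  Not Exim's
code; the hostname and credentials below are constructed."""
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname: str = "mail.example.org") -> bytes:
    """Server side: build a fresh challenge of the RFC 2195 form
    '<random.timestamp@hostname>'.  Uniqueness matters: a repeated
    challenge would let a previously captured response be accepted again."""
    nonce = int.from_bytes(os.urandom(4), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def cram_md5_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client side: HMAC-MD5 over the challenge, keyed with the password.
    Only the username and the hex digest go onto the wire, never the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode()


def verify_response(response: bytes, challenge: bytes, credentials: dict) -> bool:
    """Server side: recompute the digest from the stored secret and compare in
    constant time.  Note the server must hold the password itself (or an
    equivalent secret); a one-way hash of it would not suffice."""
    try:
        username, digest = response.decode("ascii").split(" ", 1)
    except (UnicodeDecodeError, ValueError):
        return False
    password = credentials.get(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def smtp_auth_exchange(username: str, password: str, credentials: dict,
                       challenge: bytes = None) -> list:
    """Return the lines as they would appear on an unencrypted session:
    the base64-wrapped challenge and response, then the server's verdict."""
    if challenge is None:
        challenge = make_challenge()
    wire = ["C: AUTH CRAM-MD5",
            "S: 334 " + base64.b64encode(challenge).decode()]
    response = cram_md5_response(username, password, challenge)
    wire.append("C: " + base64.b64encode(response).decode())
    # The server decodes exactly what it received on the wire.
    ok = verify_response(base64.b64decode(wire[-1][3:]), challenge, credentials)
    wire.append("S: 235 Authentication successful" if ok
                else "S: 535 Authentication failed")
    return wire


if __name__ == "__main__":
    credentials = {"alice": "correct horse battery staple"}  # constructed
    for line in smtp_auth_exchange("alice", credentials["alice"], credentials):
        print(line)
```

Running it prints the four-line exchange; what a passive observer of an unencrypted session sees is the challenge, the username and a 32-hex-digit digest, which is the "not vulnerable to sniffing" property being discussed. The caveat a defender should keep in mind is that the challenge/response pair still allows offline guessing of weak passwords, and that the server has to keep a recoverable secret per user, which is why submission setups generally combine SMTP AUTH with STARTTLS rather than relying on the mechanism alone.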