In message <571F2B9A.9070205@???>, Jeremy Harris
<jgh@???> writes
>So much for encouraging people to actually use security.
There's a difference between "encouragement" and subtly breaking
existing configurations without even a mention in the Fine Manual (or
the upgrade instructions).
On balance I don't think you should ever break existing systems at all
without a compelling security case (or perhaps, with a view to
simplifying the codebase, by upgrading legacy warnings to errors if they
have been present for a considerable number of revisions).
Note that for many people STARTTLS is either irrelevant (their threat
model does not encompass network layer attackers) or insufficient
(because of MiTM attacks, downgrades etc). That is, I don't think this
security case is currently so compelling that failure to force its use
would be negligent.
BTW: I consulted folks yesterday evening, and Yahoo's mail system is
very closely based on a extremely widely deployed MTA -- and so the
expectation is that they will not have been far from alone in failing to
deliver email to my upgraded system over the past few days :-(
Fixes along the lines being discussed seem sane -- changing the default
back, but also producing a warning when Exim starts that more security
could be achieved by adding a certificate and changing the config.
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a Benjamin
little temporary Safety, deserve neither Liberty nor Safety. Franklin
