Re: Not sure if this is the right place for this

John Rudd wrote:
	[..]
> The problem with the STARTTLS strategy is: you can't guarantee at the
> network level that a client will use SSL/TLS.  The service provider
> might be able to do that [...] but the
> network provider cannot.  In large organizations, or situations with
> outsourced services, those two groups may not be the same.  This leads
> to a situation where a networking service may be trying to enforce a
> mandate of "secure protocols only", but cannot do so under the STARTTLS
> strategy.

Your problem lies within this paragraph. If one _has_ decoupled the network
service and end-user service provision then the network service provider has
no place mandating the behaviours (and port usages) of the end-user service
providers (such as email server administrators).

Or in your particular case, the wireless network group should get out of _your_
space (as the email system administrator) and just let you get on with enforcing
your email access security policy with STARTTLS on regular ports.

There's no need to change the RFCs in the way you've suggested.

cheers,
gja
-- 
Grenville Armitage
http://caia.swin.edu.au
I come from a LAN downunder.
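
One way an email service can enforce "STARTTLS before authentication" itself on the regular port, as an added example that is not part of the original message. It assumes IMAP-style commands (the thread does not name the access protocol), uses the LOGINDISABLED capability and PRIVACYREQUIRED response code from the IMAP specifications, and models the TLS handshake as a flag; `Session`, `handle` and `run` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass
class Session:
    tls_active: bool = False       # True once the STARTTLS handshake has completed
    authenticated: bool = False

def handle(s: Session, line: str) -> str:
    """Apply the service's TLS policy to one client command; return the reply."""
    parts = line.strip().split()
    if len(parts) < 2:
        return "* BAD missing tag or command"
    tag, cmd = parts[0], parts[1].upper()
    if cmd == "CAPABILITY":
        # Before TLS, advertise LOGINDISABLED so a conforming client never
        # puts a password on the wire in cleartext.
        caps = "AUTH=PLAIN" if s.tls_active else "STARTTLS LOGINDISABLED"
        return f"* CAPABILITY IMAP4rev1 {caps}\r\n{tag} OK CAPABILITY completed"
    if cmd == "STARTTLS":
        if s.tls_active:
            return f"{tag} BAD TLS already active"
        s.tls_active = True        # a real server wraps the socket in TLS here
        return f"{tag} OK Begin TLS negotiation now"
    if cmd in ("LOGIN", "AUTHENTICATE"):
        if not s.tls_active:
            # The rejection happens in the service, on the regular port. A
            # non-conforming client has already exposed its password by now,
            # so log this and treat the credential as compromised.
            return f"{tag} NO [PRIVACYREQUIRED] STARTTLS required first"
        s.authenticated = True     # credential verification omitted (assumption)
        return f"{tag} OK authenticated"
    return f"{tag} BAD command not supported in this sketch"

def run(transcript):
    """Feed a list of client lines through a fresh session."""
    s = Session()
    return s, [handle(s, line) for line in transcript]

# Constructed client transcripts (not captured traffic).
CLEARTEXT_CLIENT = ["a1 CAPABILITY", "a2 LOGIN alice example-password"]
STARTTLS_CLIENT = ["b1 CAPABILITY", "b2 STARTTLS", "b3 CAPABILITY",
                   "b4 LOGIN alice example-password"]

if __name__ == "__main__":
    for name, t in (("cleartext", CLEARTEXT_CLIENT), ("starttls", STARTTLS_CLIENT)):
        session, replies = run(t)
        print(name, "authenticated =", session.authenticated)
        for r in replies:
            print("  S:", r.replace("\r\n", "\n  S: "))
```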
