John Rudd wrote:
[..]
> The problem with the STARTTLS strategy is: you can't guarantee at the
> network level that a client will use SSL/TLS. The service provider
> might be able to do that [...] but the
> network provider cannot. In large organizations, or situations with
> outsourced services, those two groups may not be the same. This leads
> to a situation where a networking service may be trying to enforce a
> mandate of "secure protocols only", but cannot do so under the STARTTLS
> strategy.

Your problem lies within this paragraph. If one _has_ decoupled the network service and end-user service provision, then the network service provider has no place mandating the behaviours (and port usages) of the end-user service providers (such as email server administrators).

Or in your particular case, the wireless network group should get out of _your_ space (as the email system administrator) and just let you get on with enforcing your email access security policy with STARTTLS on regular ports.

There's no need to change the RFCs in the way you've suggested.

cheers,
gja
--
Grenville Armitage
http://caia.swin.edu.au
I come from a LAN downunder.