On Oct 29, 2024, at 21:31, John Levine <johnl@xxxxxxxxx> wrote: > > I can easily imagine scenarios where STARTTLS makes no sense No network should run smtp in the clear, whether it is “over the internet” or not. Even if you’d gain nothing because you use macsec, IPsec or another link layer encryption, the cost of double encryption on email is so low that you might as well still run (opportunistic) TLS instead of unencrypted smtp. > and I see no > reason to gratuitously declare their existing working systems are no longer > standard compliant. It does not. Their systems are outdated if they transmit and receive clear text. Sending clear text over the network should definitely not be “standards compliant” these days. > It just makes us look arrogant and out of touch. Being out of touch of the NSA et all is the minimum viable product. We would look out of touch if a standard update in 2024 mandated supporting receiving unprotected clear text email. Paul -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
