[Last-Call] Re: [Emailcore] Re: Re: Re: Re: SECDIR Review of draft-ietf-emailcore-rfc5321bis-31

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The document already says use PGP. Why can't it also recommend STARTTLS with some discussion of when not to?

On Fri, Nov 1, 2024, 8:37 AM Ted Lemon <mellon@xxxxxxxxx> wrote:
Presumably it's sending you email to your email address, which means that it's not delivering it locally, unless you have an SMTP server locally, which is not normally the case.

Anyway, it's clear that this discussion is not going to lead to this problem getting fixed in the current document, and the reasons for that are at this point clear to me, and I can't really argue the point, much though I hate this conclusion. And, I have a great deal of sympathy for the chairs having to wade through continued discussion. So I'm going to shut up now.

On Fri, Nov 1, 2024 at 3:01 PM Salz, Rich <rsalz@xxxxxxxxxx> wrote:
  • That said, a scanner that emails your scanned images in plaintext without using TLS is a serious security problem and should definitely be prevented from continuing to do that. It's a benefit to the end user to prevent this, not a loss of function. I would say that this is a strong argument in favor of requiring STARTTLS, not an argument against it.

 

On my private home network, protected from external contacts by my ISP?  So now I have to understand the WebPKI?

 

Those are, to me, clearly the exactly wrong set of trade-offs.

--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux