On Thu, Jul 10, 2014 at 08:29:49AM +0100, Dave Cridland wrote: > On 10 July 2014 02:45, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote: > > > So how can it be impractical to do something that has already been routing > > for over a decade? > > Also, XMPP has almost the exact same set of problems as (MTA/MTA) SMTP, and > seems to have deployed TLS with PKIX auth just fine This is a dramatic over-simplification. > and the deployed > network is shifting with some pace toward this being mandatory. TLS yes, PKIX authentication, not so much, and only provides security when the XMPP server can obtain certificates for the target domain (not the SRV host). With SMTP third-party MX hosting is rather common, and makes the latter substantially more difficult. > The only additional issue for SMTP is that you'd need SNI, but that's not > terribly onerous these days. This is also a dramatic over-simplification. SNI support is easy, cross-domain key management is not, and other barriers remain. Since this is a distraction, I will not debate it further point by point. -- Viktor.