Hi,

UTA chairs recommended sending a mail about this to the UTA and IETF lists.

We're currently analyzing our datasets -- so more/detailed data will become available shortly.

Over the past couple of months we've been collecting SMTP, IMAP and POP (implicit TLS, STARTTLS) security measurements (primarily relating to TLS, X.509 Certs and offered protocol extensions).

I've given a short talk at IETF93 in SAAG on the topic, the slides can be found over here:
https://www.ietf.org/proceedings/93/slides/slides-93-saag-2.pdf

* RC4 support is at about 83-85%
* unsurprisingly TLS 1.0 is most widely supported
* ~60% of certificates are self-signed
* a huge number of servers offer AUTH PLAIN (some without STARTTLS)
* 512bit DH(E) primes are very common
* ECDH: most use 256bit group size
* RC2-CBC-MD5 is supported by 40% of SMTP servers we've studied,
* IDEA-CBC-MD5 by 14%

We've also found 5-6% support of export ciphers in these protocols.

If you have any questions regarding any of our scans or need data points for your drafts, recommendations or any current work - we'd be happy to help you out there as best as we can.

Note that we have an outstanding TLS enumeration scan on port 587. We've collected banner messages and certificates from 465 and 587 already though.

We don't yet have a publication ready and our data sets are currently not public, but will be in the foreseeable future. However we're happy to provide details if any of you have questions.

Thanks,
Aaron
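Added example, not part of the original message or the authors' scan tooling: a check an operator can run over an EHLO reply captured from their own server on the plaintext channel (before STARTTLS) to spot the "AUTH PLAIN without STARTTLS" condition listed above. The function names and the sample replies are constructed for illustration.

```python
# Audit a pre-TLS SMTP EHLO reply for password-bearing AUTH offers.
# All sample replies below are constructed, not taken from the scan data.

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that transmit the password itself


def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    for i, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
        body = line[4:].strip()
        if i == 0 or not body:
            continue  # first line is the greeting, not a capability
        # Legacy servers advertise "AUTH=PLAIN LOGIN"; normalise that form.
        if body.upper().startswith("AUTH="):
            body = "AUTH " + body[5:]
        keyword, *params = body.split()
        caps.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return caps


def audit_plaintext_ehlo(reply):
    """List findings for an EHLO reply seen before any TLS negotiation."""
    caps = parse_ehlo(reply)
    offered = CLEARTEXT_MECHS & set(caps.get("AUTH", []))
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS offered")
    if offered:
        findings.append("cleartext AUTH before TLS: " + ",".join(sorted(offered)))
    return findings


# Constructed sample replies.
GOOD = "250-mail.example.org\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n"
BAD = ("250-mx.example.net Hello\r\n250-AUTH=PLAIN LOGIN\r\n"
       "250-AUTH PLAIN LOGIN CRAM-MD5\r\n250 8BITMIME\r\n")
MIXED = "250-smtp.example.com\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n"

if __name__ == "__main__":
    for name, reply in (("GOOD", GOOD), ("BAD", BAD), ("MIXED", MIXED)):
        print(name, audit_plaintext_ehlo(reply))
```

The check applies only to replies seen in plaintext; an EHLO reply read inside an implicit-TLS session on port 465 or after STARTTLS completes is a different case.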