> On Fri, Feb 5, 2016 at 11:13 AM, Ned Freed <ned.freed@xxxxxxxxxxx> wrote:
> >> Rather than discussing this on the IETF list, wouldn't it be rather
> >> more productive for the discussants to get together and thrash out a
> >> draft on how to use STARTTLS in SMTP?
> >
> >> RFC3207 was published in 2002. 14 years and several revisions to TLS
> >> later, it is probably time for a RFC3207-bis.
> >
> > Since the issue at hand is the ramifications of a policy change for
> > IETF lists, the answer is no, it wouldn't.
> >
> > It's unfortunate that such a policy choice requires a deep understanding
> > of how existing email software implements STARTTLS, but that's the situation
> > we're in.

> The point of eating the dogfood is process improvement. Not to get
> used to the taste. And the point is lost if we then create our own
> special dogfood.

I completely disagree, but that's beside the point. The issue at hand is
whether or not to disable the use of old ciphersuites in the IETF's use of
STARTTLS in SMTP. Irrespective of the reasons we have for doing that, John's
point was and is that it can have an adverse effect on our ability to reach
everyone who wants to participate.

This effect can be mitigated to some extent by your choice of SMTP client
software and how you configure it. To that end it's important to understand
what options are available and what the consequences are of their use.

It's also important to reach some measure of consensus on how much
inconvenience is too much. It's clear that Viktor and I disagree on this - I
think supporting people who for whatever reason have to contend with crappy
email software is far more important than any sort of dogfood eating exercise.

> Capturing the process and the special sauce is what I am after.

That's all fine and dandy, but it isn't what this conversation is about.
And after spending several years pretty much begging the security area to
take some small notice of this particular set of issues, you can understand
why I have very little patience left for having the much more detailed
conversation you apparently want to have.

Ned