[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IETF opinion change on "implicit TLS" vs. StartTLS

To: William Brown <wibrown@redhat.com>, Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: IETF opinion change on "implicit TLS" vs. StartTLS
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 12 Feb 2018 18:10:29 -0800
Content-disposition: inline
In-reply-to: <1518478295.7918.9.camel@redhat.com>
References: <3eab67f9-7845-1871-ca2d-75b86516e046@stroeder.com> <1518478295.7918.9.camel@redhat.com>

--On Tuesday, February 13, 2018 9:31 AM +1000 William Brown<wibrown@redhat.com> wrote:

On Mon, 2018-02-12 at 14:30 +0100, Michael Ströder wrote:

HI!

To me this rationale for SMTP submission with implicit TLS seems also
applicable to LDAPS vs. StartTLS:

https://tools.ietf.org/html/rfc8314#appendix-A

So LDAPS should not be considered deprecated. Rather it should be
recommended and the _optional_ use of StartTLS should be strongly
discouraged.


Yes, I strongly agree with this. I have evidence to this fact and can
provide it if required,

Personally, I'm all for it. I'd suggest using the above RFC as a templatefor one formalizing port 636, so it's finally a documented standard.


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: IETF opinion change on "implicit TLS" vs. StartTLS
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: IETF opinion change on "implicit TLS" vs. StartTLS
  - From: William Brown <wibrown@redhat.com>

References:
- IETF opinion change on "implicit TLS" vs. StartTLS
  - From: Michael Ströder <michael@stroeder.com>
- Re: IETF opinion change on "implicit TLS" vs. StartTLS
  - From: William Brown <wibrown@redhat.com>

Prev by Date: Re: IETF opinion change on "implicit TLS" vs. StartTLS
Next by Date: Re: IETF opinion change on "implicit TLS" vs. StartTLS
Index(es):
- Chronological
- Thread