
Re: IETF opinion change on "implicit TLS" vs. StartTLS



Dieter Klünter wrote:
> Am Mon, 12 Feb 2018 18:10:29 -0800
> schrieb Quanah Gibson-Mount <quanah@symas.com>:
> 
>> --On Tuesday, February 13, 2018 9:31 AM +1000 William Brown 
>> <wibrown@redhat.com> wrote:
>>
>>> On Mon, 2018-02-12 at 14:30 +0100, Michael Ströder wrote:  
>>>> HI!
>>>>
>>>> To me this rationale for SMTP submission with implicit TLS seems
>>>> also applicable to LDAPS vs. StartTLS:
>>>>
>>>> https://tools.ietf.org/html/rfc8314#appendix-A
>>>>
>>>> So LDAPS should not be considered deprecated. Rather it should be
>>>> recommended and the _optional_ use of StartTLS should be strongly
>>>> discouraged.  
>>>
>>> Yes, I strongly agree with this. I have evidence to this fact and
>>> can provide it if required,  
>>
>> Personally, I'm all for it.  I'd suggest using the above RFC as a
>> template for one formalizing port 636, so it's finally a documented
>> standard.
> 
> We discussed this topic some 10 years ago; at that time Kurt
> had some concerns with regard to ldaps and port 636. Unfortunately I
> can't remember the details.

The above-mentioned Appendix A references this section, which summarizes
the concerns:

https://tools.ietf.org/html/rfc2595#section-7

IMO all these "issues" were even debatable at that time.

Ciao, Michael.

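As an added illustration of the point under discussion (this is example code written for this page, not OpenLDAP code and not from anyone in the thread): with LDAPS the TLS handshake happens before a single LDAP octet is exchanged, so a cleartext session never exists; with StartTLS the session begins in cleartext and it is up to the client to check the ExtendedResponse and refuse to continue when TLS was not negotiated. The example uses only the Python standard library, hand-encodes the StartTLS ExtendedRequest (RFC 4511, OID 1.3.6.1.4.1.1466.20037) in BER, and parses the resultCode out of the server's reply. Host names and ports in the connect functions are placeholders; the response bytes in the comments are constructed.

```python
"""Implicit TLS (LDAPS, port 636) versus optional StartTLS (port 389):
a minimal client-side comparison using only the standard library.
Host/port values are placeholders; wire samples are constructed."""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)
RESULT_SUCCESS = 0                          # LDAP resultCode success


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(body)) + body


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
    messageID is encoded as a single octet, so it must stay below 128 here."""
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER TLV starting at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: next (first & 0x7F) octets hold the length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def starttls_result_code(response: bytes) -> int:
    """Return the resultCode of an ExtendedResponse; raise on any other message.
    Constructed success reply: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00."""
    tag, msg, _ = read_tlv(response)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)             # messageID, not needed here
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                       # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A:                       # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")


def connect_ldaps(host: str, port: int = 636) -> ssl.SSLSocket:
    """Implicit TLS: the handshake precedes every LDAP octet, so there is
    no cleartext phase for a client bug or a downgrade to leave behind."""
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)


def connect_starttls(host: str, port: int = 389) -> ssl.SSLSocket:
    """Explicit TLS: the session starts in cleartext.  The client must check
    the StartTLS result and abort on anything but success; a client that
    falls back silently keeps talking plaintext LDAP."""
    sock = socket.create_connection((host, port))
    sock.sendall(starttls_request())
    response = sock.recv(4096)            # short reply; a real client reads to the BER length
    if starttls_result_code(response) != RESULT_SUCCESS:
        sock.close()
        raise ConnectionError("StartTLS refused; not continuing in cleartext")
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=host)
```

The asymmetry is the whole argument: connect_ldaps has no decision to get wrong, while connect_starttls is only as safe as the resultCode check and the refusal to fall back, and that check is precisely what an "optional" StartTLS deployment leaves to each client's discretion.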