Loading ...
Sorry, an error occurred while loading the content.

Re: Testing out SMTPS

Expand Messages
  • Bill Cole
    ... The intrinsically bad idea of SMTPS died before ever being anything like a standard, and only survived as a zombie protocol because MS jumped on it without
    Message 1 of 15 , Feb 5, 2013
    • 0 Attachment
      On 4 Feb 2013, at 16:02, Robert Moskowitz wrote:

      > Well the online tester made me aware of it, and some of my clients are
      > stuck with Outlook Express, thus my interest in it.

      The intrinsically bad idea of SMTPS died before ever being anything like
      a standard, and only survived as a zombie protocol because MS jumped on
      it without thinking. 9 years late, MS issued a patch in 2007 for OE that
      enabled TLS on port 587 and that patch was rolled into Windows XP SP3 in
      2008.

      The bottom line is that anyone still running a version of OE that can't
      handle standard submission is running a grossly insecure and obsolete
      system. Rather than accommodating that irresponsible behavior, you would
      do your clients and everyone else a service by making it untenable.
    • Reindl Harald
      ... what was so bad? that no single connection is unencrypted? that http://www.cvedetails.com/cve/CVE-2011-0411/ would not have been possible? sorry, but from
      Message 2 of 15 , Feb 5, 2013
      • 0 Attachment
        Am 05.02.2013 19:29, schrieb Bill Cole:
        > On 4 Feb 2013, at 16:02, Robert Moskowitz wrote:
        >
        >> Well the online tester made me aware of it, and some of my clients are stuck with Outlook Express, thus my
        >> interest in it.
        >
        > The intrinsically bad idea of SMTPS died before ever being anything like a standard

        what was so bad?

        that no single connection is unencrypted?
        that http://www.cvedetails.com/cve/CVE-2011-0411/ would not have been possible?

        sorry, but from point of design it is a intrinsically bad idea
        start the connection unencrypted and after that look "hey, we
        can switch to encryption"
      • Noel Jones
        ... That s a little harsh. There is nothing wrong with smtps, any more than https is wrong. And a zombie is a great metaphor -- it s dead, but still stumbles
        Message 3 of 15 , Feb 5, 2013
        • 0 Attachment
          On 2/5/2013 12:29 PM, Bill Cole wrote:
          > The intrinsically bad idea of SMTPS died before ever being anything
          > like a standard, and only survived as a zombie protocol because MS
          > jumped on it without thinking.

          That's a little harsh. There is nothing wrong with smtps, any more
          than https is wrong.

          And a zombie is a great metaphor -- it's dead, but still stumbles
          around refusing to be buried. If you want to bury it, prepare to
          defend yourself.

          > The bottom line is that anyone still running a version of OE that
          > can't handle standard submission

          That's just one use case. Unfortunately, there is current software
          that perpetuate the hoax.


          -- Noel Jones
        • Bill Cole
          ... Rehashing the arguments that killed its standardization 16 years ago would be off-topic here.
          Message 4 of 15 , Feb 5, 2013
          • 0 Attachment
            On 5 Feb 2013, at 14:28, Noel Jones wrote:

            > On 2/5/2013 12:29 PM, Bill Cole wrote:
            >> The intrinsically bad idea of SMTPS died before ever being anything
            >> like a standard, and only survived as a zombie protocol because MS
            >> jumped on it without thinking.
            >
            > That's a little harsh. There is nothing wrong with smtps, any more
            > than https is wrong.

            Rehashing the arguments that killed its standardization 16 years ago
            would be off-topic here.
          Your message has been successfully submitted and would be delivered to recipients shortly.