qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/
pie__ has quit [Ping timeout: 245 seconds]
pie_ has joined #spectrum
<jpo> qyliss: i'm not sure i see the point of starttls anymore. either you force TLS, at which point there's no point because you might as well just avoid the complexity and start with a tls clienthello, or you don't force TLS, and it's downgradeable by a MITM either way
<jpo> it's not like TLS is still some new thing that might make sense to carefully probe support for in a backwards-compatible way
<jpo> idk. maybe there's some use case i'm not considering
pie_ has quit [Ping timeout: 276 seconds]
pie_ has joined #spectrum
eyJhb has joined #spectrum
danderson has joined #spectrum
eyJhb has left #spectrum ["WeeChat 2.6"]
<qyliss> jpo: AIUI server-to-server SMTP often doesn't support SMTP over TLS, and will only do STARTTLS
<qyliss> If you wanted to force it, I think it would probably be more reasonable to terminate the connection if they didn't do STARTTLS at the earliest possible opportunity, since that just seems to be the way encrypted mail is negotiated.
<qyliss> But email is just a mess in general.
<hyperfekt> qyliss: That sucks, especially because forcing STARTTLS is against the RFC :<
<qyliss> amazing
<hyperfekt> I was planning to only accept mail over TLS for the mailserver I wanna write
<qyliss> Note that most client to server mail happens over TLS
<qyliss> but receiving-only servers won't even have the right port open in lots of cases
<qyliss> (or relays)
<hyperfekt> Damn. Another drop in the 'the entire protocol needs throwing away' bucket
<qyliss> it wasn't even clear to me _how_ to receive mail over TLS
<qyliss> like, how to set up postfix for it
pie_ has quit [Ping timeout: 276 seconds]
pie_ has joined #spectrum