> Starttls, in both SMTP and IMAP, can be mitm'd (injection of refusal). We
> should not be using them any more.
Not for SMTP if you use MTA-STS or DANE TLSA.
In any event, in SMTP the only alternative to STARTTLS is not to use
STARTTLS, which I don't think anyone would say was an improvement.
R's,
John
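The defense John points to (MTA-STS, RFC 8461) against the STARTTLS stripping Paul describes, as an added Python example that is not code from this thread: it parses a constructed policy and shows that only enforce mode refuses to fall back to plaintext when the STARTTLS advertisement is missing. The policy text, domain names and function names are my own.

```python
"""MTA-STS (RFC 8461) policy check for a port-25 session whose STARTTLS
advertisement may have been stripped. Added example; policy text constructed."""
def parse_policy(text: str) -> dict:
    """Parse the key: value file a sender fetches from https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("not a valid STSv1 policy")
    return policy

def mx_matches(pattern: str, host: str) -> bool:
    """'*.example.com' matches exactly one leftmost label (RFC 8461 section 3.2)."""
    labels = host.lower().rstrip(".").split(".")
    if pattern.startswith("*."):
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return ".".join(labels) == pattern

def policy_failure(policy: dict, mx_host: str, starttls_offered: bool, cert_valid: bool):
    """First violation observed on the session, or None if it is policy-clean."""
    if not any(mx_matches(p, mx_host) for p in policy["mx"]):
        return "mx-not-in-policy"
    if not starttls_offered:          # injected refusal / stripped 250-STARTTLS
        return "starttls-not-offered"
    if not cert_valid:                # cert must chain to a trusted CA and name the MX
        return "certificate-mismatch"
    return None

def delivery_decision(policy: dict, mx_host: str, starttls_offered: bool, cert_valid: bool) -> str:
    """'deliver', 'deliver-and-report' (testing mode: send a TLSRPT report) or
    'defer' (enforce mode: never fall back to plaintext; try another MX or queue)."""
    failure = policy_failure(policy, mx_host, starttls_offered, cert_valid)
    if failure is None or policy["mode"] == "none":
        return "deliver"
    return "defer" if policy["mode"] == "enforce" else "deliver-and-report"

# Constructed policy for a fictional domain.
POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmx: *.backup.example.com\nmax_age: 604800\n"

if __name__ == "__main__":
    policy = parse_policy(POLICY)
    print(delivery_decision(policy, "mail.example.com", False, False))      # defer
    print(delivery_decision(policy, "mx1.backup.example.com", True, True))  # deliver
```

Without a policy the sender would treat a missing STARTTLS advertisement as "this peer has no TLS" and continue in the clear; with an enforce policy the stripped session is a hard failure instead.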
Paul Vixie
Feb 26, 2026 17:57:47 John R Levine <[email protected]>:
> On Wed, 25 Feb 2026, Dan Wing wrote:
> > One approach would be to take the idea of
> > https://datatracker.ietf.org/doc/html/rfc8314 and extend it to include SMTP
> > itself, which would bring QUIC along, doing a happy-eyeballs-like attempt at
> > QUIC, falling back to TLS-over-TCP, falling back to TCP-port-25 STARTTLS,
> > falling back to TCP-port-25 plaintext, or, as Martin suggested, have DNS
> > optimize those choices.
>
> The problem with that is that SMTP doesn't do the TLS handshake at startup,
> only after a STARTTLS command in the TCP session. But see next message.