On Tue, Oct 9, 2012 at 9:25 AM, Gilles Chehade <gil...@poolp.org> wrote:
> I agree with you that people will probably not want port 587 without auth
> turned on so on a practical point of view, we could make it implicit.
>
> There's a syntax issue though because, users will likely be less surprised by:
>
> listen on bnx0 port submission [...] tls-require
> listen on bnx0 [...] tls-require
>
> than:
>
> listen on bnx0 port submission [...] # implicit tls-require
> listen on bnx0 [...] # not here though

If there's no "require" for auth, just "auth" - then there's really no confusion I think

And there is a real normal use case for opportunistic (as opposed to required) TLS. I don't think there is one for auth on port 587.

I.E. I think tls and tls-require make sense to have differentiated. I'm not sure it makes sense to have "auth" and "auth-required" - I think "auth" should just mean it's required.

> This is really not a code issue as the diff would be a two-liner but do
> we want to have this special case with an implicit behaviour just to
> avoid using the knob (which has to be there since the general use when
> not on port submission is to enable, not require) ?
>
> I killed the "enable" / "require" and replaced it with one single keyword:
> tls / tls-require which is slightly better than the former btw :-)
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg