[Cryptography] SUBMIT is not SMTP, was IAB Statement on Internet Confidentiality
leichter at lrw.com
Wed Nov 19 20:28:03 EST 2014
On Nov 19, 2014, at 6:42 PM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> This is the cryptography list. I think we can have naive discussion
> of email protocols and infrastructure somewhere else.
> * An ISP was observed to strip STARTTLS on port 25, rather than
> block the port outright.
Everything you say is fine, but it ignores the implications. Silently disabling a user's explicit attempt at security is *in and of itself* nefarious behavior. All the explanations of *why* this is being done miss this point. Once the principle that such manipulations are acceptable is granted - even in special situations - there will be no end to the special situations. The same anti-spam explanation applies to port 587. You'll say, oh, but 587 is always used for authenticated connections. But 25 is *sometimes* used for authenticated connections, too. Why should *they* not be protected (to the admittedly small degree that STARTTLS in typical configurations supplies much protection)?
If port 25 these days is mainly useful to spammers, then block it. While annoying, this has been the expected - and generally accepted - behavior for years. Based on the lack of any follow-on reports, it appears to be what everyone but Cricket does. Having a single small mobile provider enable port 25 provides no *advantages* - no widely used software will rely on it, because it's pretty much certain *not* to be there. So the *positives* of "enable port 25 but disable encryption for it" compared to "block port 25" are pretty much nil. The *negatives* are probably fairly minor right now - but we've all seen how "mission creep" works in the world of telcos and ISPs. Give them a *fraction* of an inch, and in a couple of years they've taken a mile.
"Silently disabling encryption" should simply not be acceptable behavior.
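
Added example, not part of the original message: a client-side check that turns the silent STARTTLS stripping discussed in this thread into a hard failure, by parsing the EHLO reply and refusing to continue when STARTTLS is not advertised. The function names and the three sample replies are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, '-' (more lines follow) or ' ' (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample EHLO replies (not captured traffic).
INTACT = "250-mx.example.org\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED = "250-mx.example.org\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"
MASKED = "250-mx.example.org\r\n250-SIZE 10240000\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return the upper-cased extension keywords of a multiline EHLO reply."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    keywords = set()
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("unexpected reply line: %r" % line)
        is_last = m.group(2) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("malformed multiline reply")
        words = m.group(3).split()
        if i > 0 and words:  # line 0 is the server greeting, not an extension
            keywords.add(words[0].upper())
    return keywords


def session_policy(reply):
    """Fail closed: never fall back to cleartext when STARTTLS is missing."""
    try:
        offered = parse_ehlo(reply)
    except ValueError:
        return "abort"
    return "proceed-with-tls" if "STARTTLS" in offered else "abort"


if __name__ == "__main__":
    for name, reply in [("intact", INTACT), ("stripped", STRIPPED), ("masked", MASKED)]:
        print(name, session_policy(reply))
```

From the reply alone a client cannot tell a stripped advertisement from a server that never offered STARTTLS, so the protection comes from the fail-closed policy rather than from detecting who removed the keyword.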