On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot <dovecot@dovecot.org> wrote:
There is plenty of context where TLS is not possible/desirable.
I’d say that is terrible advice. There are no reasonable contexts where is it is acceptable to send mail credentials without encryption. My users have had to use STARTTLS for submission for many many years. Insecure connections from users are not an option.
And without client certificate, mutual strong authentication is not available,
For certain values of strong, sure. But nearly no one needs mutual strong authentication to the level that client certs are necessary, and if someone does need them, then that is not a significant hurdle. And the connections are still encrypted.
*ALL* user to server transactions should be encrypted and nothing should be willfully downgrading security in the flawed reasoning of convenience. That is why we have as many security issue as we do right now; we are still living down the legacy of the previous century’s lack of security at ever stage in design.
-- Yeah, Nick. Nick's the kinda guy you can trust. Nick's your buddy Nick's the kinda guy you drink beers with. The kinda guy that doesn't care if you puke in his car. Nick.