On 3/5/19 12:23 PM, Maxim Dounin wrote:
> Not sure it is a good change.

Thank you for your detailed reply and explanation.  I agree with you on
all facets with respect to RFC compliance.  I believe the core issue at
hand is the antiquated language in the current RFC conflicting with
common practice -- several final destination MTAs on the public
Internet, depending on their role/use, do require and enforce TLS
communication only either on a per-sender, per-recipient, or per-server
basis.  That said your rationale for rejecting the patch is accurate and
mirrors similar expressed in Postfix at
www.postfix.org/postconf.5.html#smtpd_tls_security_level regarding 'encypt'.

If you find the proposed patch satisfactory from a technical aspect I
will commit the patch locally for a specific use case which would fall
under the category of 'dedicated servers'.

For your consideration, perhaps a configuration option of:

starttls dedicated;

With the proposed patch would meet both a use case and RFC requirement aspect.Thanks,

Nathan

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel