[Oberon] Re (2): Revision of OpenSMTP(...) in Oberon.Mail.Mod.

peter at easthope.ca peter at easthope.ca
Sun Apr 30 17:23:17 CEST 2023


Joerg,

Thanks for the detailed reply.

From:	Joerg <joerg.straube at iaeth.ch>
Date:	Sun, 30 Apr 2023 08:10:54 +0200
> In RFC3207 (2002) the use of TLS encryption was added to SMTP; to
> change from TCP to TLS the command STARTTLS was added. RFC8314 (2018)
> recommends the use of „Implicit TLS“ iso STARTTLS.

Apology for my uncertainty and confusion.  By "iso" do you mean
"equivalent to"?  "Contrasting to"?

Over the years, "official" meanings and recommendations have changed.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Ref. 465 and 587. This is my understanding from multiple documents.  
=8~/

From 8314: "implicit TLS" is synonymous to "TLS-on-connect". The port
currently recommended is 465.  The STARTTLS exchange is not involved
in implicit TLS. The connection is TLS from the beginning.

From
https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#STARTTLS_or_%22Opportunistic_TLS%22
"opportunistic TLS" is synonymous to "STARTTLS".  After the
client-server connection is established, the STARTTLS negotiation may
proceed.  Also ref.
https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations
The port currently recommended is 587.

> In Oberon, Mail uses the modules NetSystem and NetTools providing
> basic TCP connectivity. Those modules would have to be enhanced by
> adding TLS encryption to TCP.

Guenter Feldmann began work on SSL in ETH Oberon more than a decade
ago.  I recall using scp.  Also Guenter added SSH in A2 years ago?  I
don't know the current status in A2.

Another possibility is a TLS tunnel, as available by stunnel in Linux.
In the Oberon subsystem in A2, I retrieve mail by POP3 through a
stunnel tunnel. Authentication is inside the tunnel.
Ref. Oberon.Mail.OpenPOP
https://gitlab.inf.ethz.ch/felixf/oberon/-/blob/main/source/Oberon.Mail.Mod

Therefore I think of the analogue for SMTP.  Add AUTH PLAIN in
Oberon.Mail.OpenSMTP.

> - write a new module TLS.Mod that implements encryption according to
> RFC5246 (quite some work)

Largely duplicating Guenter's longstanding work.  Correct?

Thx,                             ... P.L.
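
Added example, not part of the original message and not Oberon.Mail code: a Python sketch of the command order a submission client follows for implicit TLS (port 465, or a local stunnel-style tunnel) versus STARTTLS (port 587), refusing to send AUTH PLAIN when STARTTLS is missing from the EHLO reply. The function names, the host name client.example and the sample EHLO replies are assumptions constructed for illustration.

```python
import base64

def auth_plain(user, password, authzid=""):
    # RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, then base64.
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return "AUTH PLAIN " + base64.b64encode(raw).decode("ascii")

def capabilities(ehlo_reply):
    # Map each EHLO keyword to its parameters, e.g. {"AUTH": ["PLAIN", "LOGIN"]}.
    caps = {}
    for line in ehlo_reply.splitlines()[1:]:   # the first line is the greeting
        words = line[4:].split()               # drop the "250-" / "250 " prefix
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def submission_commands(mode, ehlo_reply, user, password, ehlo_after_tls=None):
    # Commands the client sends after its first EHLO (server replies omitted).
    # "implicit": the channel is already TLS (port 465 or a loopback tunnel).
    # "starttls": port 587; STARTTLS and a second EHLO precede AUTH.
    caps = capabilities(ehlo_reply)
    cmds = []
    if mode == "starttls":
        if "STARTTLS" not in caps:
            # A missing STARTTLS keyword must not lead to cleartext AUTH.
            raise RuntimeError("STARTTLS not offered; refusing to authenticate")
        cmds += ["STARTTLS", "EHLO client.example"]
        # Capabilities seen before TLS are discarded and read again.
        caps = capabilities(ehlo_after_tls or "")
    elif mode != "implicit":
        raise ValueError("unknown mode: " + mode)
    if "PLAIN" not in caps.get("AUTH", []):
        raise RuntimeError("AUTH PLAIN not offered")
    cmds.append(auth_plain(user, password))
    return cmds

# Constructed sample EHLO replies, not captured from a real server.
EHLO_465 = "250-mail.example\n250-SIZE 35882577\n250 AUTH PLAIN LOGIN"
EHLO_587 = "250-mail.example\n250-STARTTLS\n250 SIZE 35882577"
EHLO_587_STRIPPED = "250-mail.example\n250 SIZE 35882577"
```

The "implicit" branch is safe through a tunnel only when the client connects to the tunnel endpoint on the loopback interface, since that hop carries the base64-encoded credentials unencrypted.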

