Re: UCSPI-TLS for s6-networking?

From: Casper Ti. Vector <caspervector_at_gmail.com>
Date: Tue, 17 Nov 2020 20:19:29 +0800

On Mon, Nov 16, 2020 at 02:05:27PM +0000, Laurent Bercot wrote:
> If I needed to write an SMTP server that supports STARTTLS, the way
> I would do it would be the following:

I have also been thinking about a minimal implementation of STARTTLS MX
(I think this may be the only hard-to-remove instance of STARTTLS, since
the discontinuation of STARTTLS mail submission and retrieval is easily
supported by mail clients, and customer notices can be used to announce
the migration).

In my design, smtpd is a clear-text UCSPI application, which upon the
STARTTLS message exec()s into itself wrapped by s6-tlsd. States are
passed across exec() through environment variables and command line
arguments (the latter only for non-sensitive information). The client
does what is symmetric to those outlined above.

-- 
My current OpenPGP key:
RSA4096/0x227E8CAAB7AA186C (expires: 2022.09.20)
7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C
Received on Tue Nov 17 2020 - 12:19:29 UTC
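
The re-exec step described in the message above, sketched as an added illustration (not code from the post or from s6-networking): on STARTTLS the clear-text server records its state in the environment and exec()s `s6-tlsd` with itself as the wrapped program. The variable names `SMTPD_TLS` and `SMTPD_SESSION`, the function names, and the premise that `s6-tlsd` is on PATH with its certificate and key settings already in the environment are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Fill out[] with "s6-tlsd self args... NULL"; return argc, or -1 if too long. */
int build_tls_argv(const char *self, char *const *args,
                   const char **out, size_t max)
{
    size_t n = 0;
    if (max < 3) return -1;
    out[n++] = "s6-tlsd";
    out[n++] = self;                  /* the server wraps itself */
    for (; args && *args; args++) {
        if (n + 1 >= max) return -1;  /* keep room for the NULL terminator */
        out[n++] = *args;
    }
    out[n] = NULL;
    return (int)n;
}

/* State crosses exec() in the environment rather than argv, which other
   users can commonly read with ps. Variable names are hypothetical. */
int export_state(const char *session)
{
    if (strpbrk(session, "\r\n")) return -1;  /* reject CR/LF in state */
    if (setenv("SMTPD_TLS", "1", 1) < 0) return -1;
    return setenv("SMTPD_SESSION", session, 1);
}

/* Checked at startup by the re-executed server to know it is under TLS. */
int tls_active(void)
{
    const char *v = getenv("SMTPD_TLS");
    return v != NULL && strcmp(v, "1") == 0;
}

/* Call after the reply to STARTTLS has been written; returns only on failure. */
int starttls_reexec(const char *self, char *const *args, const char *session)
{
    const char *argv[16];
    if (tls_active()) return -1;      /* refuse STARTTLS inside TLS */
    if (build_tls_argv(self, args, argv, 16) < 0) return -1;
    if (export_state(session) < 0) return -1;
    execvp(argv[0], (char *const *)argv);
    return -1;                        /* exec failed */
}
```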
