[AusNOG] Issues receiving from TPG Mail servers.

Mark Foster blakjak at blakjak.net
Tue Jul 24 12:19:17 EST 2018


As a point of comparison, the NZISM (yes, i'm a kiwi) stipulations are
similar:

https://www.nzism.gcsb.govt.nz/ism-document#2521

17.4.16.C.01.
Control:  System Classification(s): All Classifications; Compliance:
SHOULD [CID:2598]

Agencies SHOULD use the current version of TLS (version 1.2).

NZISM also notes that TLS 1.2 was launched in 2008.

So I agree that TPG are clearly miles behind the ball if they're not even
yet operating to a 10 year old update to the RFC.

Mark.

> Should TLS 1.0 be acceptable?
>
> I don't claim to be a crypto geek.
>
> Curiously the ISM standards make TLS 1.2 only advisory:
>
>
>    - Control: 1447; Revision: 0; Updated: Apr-15; Applicability: UD, P, C,
>    S, TS; Compliance: must; Authority: AA
>       - Agencies *must use TLS*.
>       -
>       - Control: 1139; Revision: 3; Updated: Apr-15; Applicability: UD, P,
>    C, S, TS; Compliance: should; Authority: AA
>       - Agencies *should use the latest version of TLS*
>
> Kind regards
>
> Paul Wilkins
>
> On 24 July 2018 at 11:10, Scott Howard <scott at doc.net.au> wrote:
>
>> On Mon, Jul 23, 2018 at 6:00 PM, Noel Butler <noel.butler at ausics.net>
>> wrote:
>>>
>>> You are the one choosing to use cpanel/plesk, lazy webhost solutions
>>> that
>>> puts all your customers eggs in the one single basket (though I heard
>>> plesk
>>> may soon be changing that), sorry, but that is not TPG's fault your
>>> chosen
>>> hosting software lives in the 90s.
>>>
>>
>> Perhaps not, but it IS TPG's fault that their mail server is only
>> supporting encryption algorithms that live in the 90's...
>>
>> Irrespective of the PCI argument or not, TPG supporting TLS 1.0 but not
>> higher in 2018 simply shouldn't be seen as acceptable.
>>
>>   Scott
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>




More information about the AusNOG mailing list