Opportunistic TLS (Transport Layer Security) refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication.
Besides the use of opportunistic TLS, a number of TCP ports were defined for SSL-secured versions of well-known protocols.[5] Some examples include:
At least for the email-related protocols, RFC 8314 favors separate SSL ports instead of STARTTLS.
This behavior started as early as September 2013 by Aio Wireless, which later merged with Cricket, where the practice continued.
However, DNSSEC faced a low adoption rate due to deployment complexities and peculiar criticism.[11] A new protocol called SMTP MTA Strict Transport Security, or MTA-STS, has been drafted[12] by a group of major email service providers including Microsoft, Google and Yahoo.
MTA-STS does not require the use of DNSSEC to authenticate DANE TLSA records but relies on the certificate authority (CA) system and a trust-on-first-use (TOFU) approach to avoid interceptions.
In addition, MTA-STS introduces a mechanism for failure reporting and a report-only mode, enabling progressive roll-out and auditing for compliance.
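The following added example (not part of the original text or of any mail server's code) shows how a sending server could evaluate an MTA-STS policy, including the report-only behaviour described above. The field names and the `testing` mode value follow RFC 8461; the hostnames, the sample policy and the function names are constructed for illustration.

```python
# Added example: sender-side MTA-STS policy evaluation (field names per RFC 8461).
SAMPLE_POLICY = """version: STSv1
mode: testing
mx: mail.example.com
mx: *.example.net
max_age: 86400
"""  # constructed sample policy, not from a real domain


def parse_policy(text):
    """Parse the key/value policy body into a dict; 'mx' may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid MTA-STS policy")
    policy["max_age"] = int(policy.get("max_age", 0))  # seconds the policy may be cached
    return policy


def mx_matches(pattern, host):
    """A '*.' pattern matches exactly one left-most label, as in certificate wildcards."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        rest = host.split(".", 1)
        return len(rest) == 2 and rest[1] == pattern[2:]
    return host == pattern


def delivery_decision(policy, mx_host, tls_cert_valid):
    """Return 'deliver', 'deliver_and_report' or 'refuse' for one MX candidate.

    tls_cert_valid: STARTTLS succeeded and the certificate chained to a trusted
    CA and matched mx_host (assumed to be reported by the caller's TLS stack).
    """
    if policy["mode"] == "none":
        return "deliver"
    ok = tls_cert_valid and any(mx_matches(p, mx_host) for p in policy["mx"])
    if ok:
        return "deliver"
    # testing = report-only: mail still flows, the failure is only reported
    return "deliver_and_report" if policy["mode"] == "testing" else "refuse"
```

In `testing` mode a stripped STARTTLS or an invalid certificate still results in delivery plus a failure report, which is why a domain only gains protection against downgrade once its policy moves to `enforce`.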