Heho,

> We spent months working out the details, including why it uses HTTPS rather
> than DANE, on public mailing lists in the IETF. (I would have preferred DANE,
> but the choice of HTTPS was not made casually.)

To clarify, my comment was not meant to call the consensus that was reached into question, and I do not doubt that there are good reasons _for_ HTTPS at this level. This comment relates more to issues in the operational implementation I encountered when I (recently) implemented MTA-STS. The most pressing one is that the MTA-STS policy is bound to the recipient domain, which means that I cannot simply roll it out for all my MX, iff they are accepting mail for domains where I do not control the DNS; another is that my favorite MTA does not support MTA-STS, because they do not want to include an HTTP client. However, I also assume that such issues were indeed discussed, and a tradeoff happened.
> If this is something you care about, where were you?

This one hurts, mostly because I know where I was, and also know where I would rather have been, doing what. ;-)

> I have certainly run into plenty of people who've had trouble getting their
> mail into Gmail, loudly announced that GMAIL HAS BROKEN MAIL FOR EVERYONE IN
> THE WORLD, then I take a look and say "do you know what SPF is?" "No, why do
> you ask?" Sigh.

I think this gets to the core of why centralization for many things is successful in the first place (leaving the whole good/bad/intention discussion out of it). Running systems is not easy; especially for basic infrastructure (which email is), it should just _work_. Then again, over the past three decades, it also got _a lot_ more complex (see [0] for my favorite summary on that). There is also some work I was involved in which I hope to be able to share with the list by the end of the month, going in the direction of "good setups" w.r.t. mail hosters, and the results align pretty much with your observation there.

However, it also circles back to the age-old question (among people sceptical of centralization) of how we can have more distributed infrastructure without it a) constantly breaking, b) being crappily maintained, and thereby c) causing more issues than it solves. At the moment, I sadly do not yet have a good answer for that, and I suspect that it won't have a technical answer at all.

With best regards,
Tobias

[0] https://dataswamp.org/~solene/2021-07-09-obsolete-feeling-in-the-crossfire.html

_______________________________________________
mailop mailing list
https://list.mailop.org/listinfo/mailop
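The operational point raised above, that an MTA-STS policy hangs off the recipient domain rather than off the MX host, is easiest to see in code. The following is an added example, not code from the thread or from any MTA: it derives the two lookup points a sender uses for a recipient domain, parses a (constructed) `_mta-sts` TXT record and policy file for the hypothetical domain example.org, and filters candidate MX hosts against the policy's `mx` patterns with the single-label wildcard rule from RFC 8461. No DNS or HTTPS traffic is generated; the sample record and policy are embedded as constructed test data.

```python
"""Minimal MTA-STS (RFC 8461) policy handling, as a stand-alone illustration.

Added example (not from the mailop thread or any MTA's code). SAMPLE_TXT and
SAMPLE_POLICY are constructed data for the hypothetical domain example.org;
nothing here performs DNS or HTTPS lookups.
"""

# Constructed sample: what a resolver would return for TXT _mta-sts.example.org
SAMPLE_TXT = "v=STSv1; id=20230101000000Z;"

# Constructed sample: what https://mta-sts.example.org/.well-known/mta-sts.txt
# would serve. "mx:" may repeat; a leading "*." wildcard matches exactly one label.
SAMPLE_POLICY = (
    "version: STSv1\r\n"
    "mode: enforce\r\n"
    "mx: mx1.example.org\r\n"
    "mx: *.relay.example.net\r\n"
    "max_age: 604800\r\n"
)


def lookup_points(recipient_domain: str):
    """Where a sending MTA looks for a domain's policy: the TXT record name and
    the HTTPS policy URL. Both derive from the recipient domain, which is why an
    MX operator who does not control that domain's DNS (and the mta-sts.<domain>
    web host) cannot publish a policy for it on their own."""
    d = recipient_domain.rstrip(".").lower()
    return (f"_mta-sts.{d}", f"https://mta-sts.{d}/.well-known/mta-sts.txt")


def parse_sts_txt(record: str) -> dict:
    """Parse 'v=STSv1; id=...;' into a dict; raise ValueError if malformed."""
    fields = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields


def parse_policy(text: str) -> dict:
    """Parse the policy file into {'version', 'mode', 'mx': [...], 'max_age'}.
    Unknown keys are kept as strings so extensions do not break parsing."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key == "max_age":
            policy[key] = int(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if "max_age" not in policy:
        raise ValueError("max_age is required")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("enforce/testing policy needs at least one mx pattern")
    return policy


def mx_matches(pattern: str, hostname: str) -> bool:
    """MX identity matching: exact (case-insensitive) or a single-label wildcard.
    '*.relay.example.net' matches 'a.relay.example.net' but neither
    'b.a.relay.example.net' nor 'relay.example.net'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # '.relay.example.net'
        if not hostname.endswith(suffix):
            return False
        label = hostname[: -len(suffix)]
        return bool(label) and "." not in label
    return pattern == hostname


def allowed_mx(policy: dict, mx_hosts):
    """Return the subset of mx_hosts a sender may deliver to under the policy."""
    if policy["mode"] == "none":
        return list(mx_hosts)
    return [h for h in mx_hosts if any(mx_matches(p, h) for p in policy["mx"])]


if __name__ == "__main__":
    print(lookup_points("example.org"))
    print(parse_sts_txt(SAMPLE_TXT))
    pol = parse_policy(SAMPLE_POLICY)
    print(allowed_mx(pol, ["mx1.example.org", "mx2.example.org",
                           "r1.relay.example.net", "x.r1.relay.example.net"]))
```

Running it shows the two lookup points for example.org, the parsed TXT record, and that only `mx1.example.org` and `r1.relay.example.net` survive the filter: `mx2.example.org` is not listed, and `x.r1.relay.example.net` has two labels in front of the wildcard suffix. An MX that accepts mail for a domain whose DNS (and `mta-sts.<domain>` web host) it does not control can be listed in that domain's policy only if the domain owner publishes it, which is exactly the rollout constraint described in the message.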
