Re: [Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

2018-04-12 Thread Dave Cridland
On 12 April 2018 at 03:23, Viktor Dukhovni wrote:
>
>
> > On Apr 11, 2018, at 6:52 PM, Dave Cridland wrote:
> >
> > Well, one assumes that an MTA gives out the policy for the MTA, not the
> domain, but otherwise I take your points. I don't think that

Re: [Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

2018-04-12 Thread Viktor Dukhovni
On Thu, Apr 12, 2018 at 10:27:25AM +0100, Dave Cridland wrote:
> > Unfortunately, per-MTA rather than per-domain policy entirely loses all
> > protection against active attacks when the MX RRset is not secure. The
> > MiTM just forges the MX RRset, yielding new hosts for which no policy
> > is