Re: [Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

2018-04-11 Dave Cridland
Since this was mentioned to me at IETF 101, I managed to find the time to look it up and review. Several design decisions have left me confused; most notably the notion of a call-out to HTTPS in the first place. Much of the document is unclear to me, despite having a background of both Internet

Re: [Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

2018-04-12 Dave Cridland
On 12 April 2018 at 03:23, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote: > > > > On Apr 11, 2018, at 6:52 PM, Dave Cridland <d...@cridland.net> wrote: > > > > Well, one assumes that an MTA gives out the policy for the MTA, not the > domain, but othe

Re: [Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

2018-04-11 Dave Cridland
On 11 April 2018 at 19:20, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote: > > > > On Apr 11, 2018, at 7:38 AM, Dave Cridland <d...@cridland.net> wrote: > > > > 2) HTTPS Call-out > > > > Given the policy is essentially trust-on-first-use, it's not

Re: [Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

2018-04-11 Dave Cridland
On 11 April 2018 at 16:40, Ned Freed wrote: > > > However, it surprises me that the MTA-STS draft does not appear to note > > this prior art at all, and this makes me wonder whether it was even on > the > > radar. > > The relevance of POSH was discussed as recently as March