Since this was mentioned to me at IETF 101, I managed to find the time to
look it up and review. Several design decisions have left me confused; most
notably the notion of a call-out to HTTPS in the first place. Much of the
document is unclear to me, despite having a background of both Internet
On 12 April 2018 at 03:23, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
>
> > On Apr 11, 2018, at 6:52 PM, Dave Cridland <d...@cridland.net> wrote:
> >
> > Well, one assumes that an MTA gives out the policy for the MTA, not the
> domain, but othe
On 11 April 2018 at 19:20, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
>
> > On Apr 11, 2018, at 7:38 AM, Dave Cridland <d...@cridland.net> wrote:
> >
> > 2) HTTPS Call-out
> >
> > Given the policy is essentially trust-on-first-use, it's not
On 11 April 2018 at 16:40, Ned Freed wrote:
>
> > However, it surprises me that the MTA-STS draft does not appear to note
> > this prior art at all, and this makes me wonder whether it was even on
> the
> > radar.
>
> The relevance of POSH was discussed as recently as March