>> Only sort of. In this case, the downgrade path is obvious, you >> ignore the TLS flag and send the message along. > >That's the opposite of the goal here. SMTP makes tries to delivery >messages, even if that results in a downgrade in security. The goal here >is to fail the transmission of REQUIRETLS tagged messages that can't be >sent in accordance with the originator's security requirements.
Of course, but there's no reason for recipient MTAs to pay any attention to the tag if they don't want to. There is no penalty to them for doing so. With EAI there's at least the penalty of messages getting smashed. >But you make a good point about the fake MX problem: if you're concerned >about DNS attacks, you need to make sure that the recipient domain, and >not just the domain of the MX server, is DNSSEC protected. That's an >oversight in the specification I will correct. RFC 7672 which has already addressed that issue in great detail. R's, John _______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
