On 1/11/16 8:34 AM, John Levine wrote:
>>> Only sort of. In this case, the downgrade path is obvious, you
>>> ignore the TLS flag and send the message along.
>> That's the opposite of the goal here. SMTP tries to deliver
>> messages, even if that results in a downgrade in security. The goal here
>> is to fail the transmission of REQUIRETLS tagged messages that can't be
>> sent in accordance with the originator's security requirements.
> Of course, but there's no reason for recipient MTAs to pay any
> attention to the tag if they don't want to. There is no penalty to
> them for doing so. With EAI there's at least the penalty of messages
> getting smashed.

Misbehavior by MTAs is outside the scope of the threat model for SMTP TLS. I have already described how such behavior could be detected; the erosion of trust resulting from that is likely to be harmful to the mail provider's business model.

-Jim

_______________________________________________
Shutup mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/shutup
