Brotman, Alexander wrote:
> Aaron,
>
> There's a group of folks from M3AAWG that are working toward a sort of
> mechanism for SMTP, roughly using some ideas relating to HSTS and/or
> certificate transparency. The idea being that you would specify a published
> policy where a sender can see that you expect that sessions will be
> encrypted, and report TLS failures to the receiving system (without TLS).
>
I think you're talking about smtp-sts. And I also think I've broken your proposal in this GitHub issue: https://github.com/mrisher/smtp-sts/issues/1

I'm very appreciative of any efforts in that direction, but they need to be scalable and need to be deployable to all of the 4mio MXs on the Internet that aren't a major mail hosting provider. Please do not go with DNS.

I'm not saying that my proposal is perfect. Far from it, but if we collaborate, something useful for everyone (even mail exchanges with a single domain) could be worked out.

Aaron
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
