Aaron,

Yes, that's what I was referring to, and I now see your comments, along with Dan's. I think we'd welcome feedback from all interested parties, even if they don't believe it to be a universal solution. Eventually, we'll have a mailing list hosted somewhere so that others can easily follow along.

--
Alex Brotman
Engineer, Anti-Abuse
Comcast
x5364

-----Original Message-----
From: Aaron Zauner [mailto:[email protected]]
Sent: Friday, December 04, 2015 5:56 PM
To: Brotman, Alexander <[email protected]>
Cc: [email protected]
Subject: Re: [Uta] Dealing with STARTTLS Stripping

Brotman, Alexander wrote:
> Aaron,
>
> There's a group of folks from M3AAWG that are working toward a sort of
> mechanism for SMTP, roughly using some ideas relating to HSTS and/or
> certificate transparency. The idea being that you would specify a published
> policy where a sender can see that you expect that sessions will be
> encrypted, and report TLS failures to the receiving system (without TLS).
>

I think you're talking about smtp-sts. And I also think I've broken your proposal in this GitHub issue: https://github.com/mrisher/smtp-sts/issues/1

I'm very appreciative of any efforts in that direction, but they need to be scalable and need to be deployable to all of the 4mio MXs on the Internet that aren't a major mail hosting provider. Please do not go with DNS.

I'm not saying that my proposal is perfect. Far from it, but if we collaborate, something useful for everyone (even mail exchanges with a single domain) could be worked out.

Aaron

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
