On Wed, May 04, 2016 at 12:19:58AM +0200, Daniel Margolis wrote:
> Yeah, that's basically what's in the current draft (albeit with
> underscores-d'oh!).
Yes, with a valid hostname.
> The security tradeoff of allowing the cert to match the fixed hostname is
> somewhat unclear to me,
It is not much of a trade-off. A domain owner of example.com who
wants to do STS should not delegate or otherwise cede control of
the host or certificates for "smtp-sts-policy.example.com".
> do we want to force senders to validate the certificate manually
> (with a bit of code like John shared) against example.com, or do we just
> assume the second-level host is basically trusted (if you have an SSL cert
> that covers it) and use generic cert validation (allowing smtp-sts-policy,
> *.example.com, etc)?
Though I am sure that John can whip up safe Python code to do HTTPS
with a hostname<->certificate mismatch, making this necessary is
best avoided.
--
Viktor.
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta
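As an added illustration (not code from the thread or from the draft), the Python below contrasts the two validation choices Daniel asks about: matching the policy server's certificate against the fixed host `smtp-sts-policy.<domain>` (ordinary hostname verification, which Viktor prefers) versus matching it against `<domain>` itself (which needs custom matching, since the TLS connection is not to that name). The prefix comes from the message above; the SAN lists are constructed samples and the function names are my own.

```python
from typing import Iterable

# Fixed policy hostname prefix as quoted in the thread above.
POLICY_HOST_PREFIX = "smtp-sts-policy."


def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label. A '*' wildcard is honoured only as the whole
    label (RFC 6125 style); partial wildcards such as 'smtp*' are rejected."""
    if pattern == "*":
        return True
    if "*" in pattern:
        return False
    return pattern == label


def dns_name_matches(san_pattern: str, hostname: str) -> bool:
    """Does a dNSName SAN entry (possibly '*.example.com') cover hostname?
    The wildcard is only allowed in the leftmost label, matches exactly one
    label, and is refused for two-label names like '*.com'."""
    p_labels = san_pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" in p_labels[0] and len(p_labels) < 3:
        return False
    if any("*" in lab for lab in p_labels[1:]):
        return False
    return all(_label_matches(p, h) for p, h in zip(p_labels, h_labels))


def policy_cert_acceptable(san_names: Iterable[str], domain: str,
                           fixed_host_ok: bool) -> bool:
    """Decide whether the certificate presented by the policy host for
    `domain` is acceptable.

    fixed_host_ok=True:  generic validation against the host actually
        connected to, smtp-sts-policy.<domain>; a *.<domain> wildcard
        cert passes, and no special-case code is needed.
    fixed_host_ok=False: the cert must name <domain> itself; the stdlib
        check_hostname logic would reject this connection, so a sender
        would have to match names by hand (the path Viktor advises against).
    """
    names = list(san_names)
    target = POLICY_HOST_PREFIX + domain if fixed_host_ok else domain
    return any(dns_name_matches(n, target) for n in names)
```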