On Thu, May 05, 2016 at 01:38:42AM -0000, John Levine wrote:
> >The downside is that vanilla HTTPS libraries in their default validate
> >and retrieve mode will no longer work without custom overrides
> >for certificate validation. I've seen that done incorrectly in
> >many creative ways, ...
>
> If history is a guide, the number of implementations of whatever hack
> we do will be a dozen or two, while with any luck it'll be rolled out
> across tens of thousands of domains or more. So, apparently, the
> programmers who work on mail servers are so incompetent and it would
> be so hard to get those few implementations debugged, that it's easier
> to tell those thousands of domains that they all have to reserve a
> fixed name and hope it doesn't collide?
>
> I've seen my share of incompetent programming (I used to teach
> undergrads), but really, now.

Yes, because of that dozen or two, most will be broken, and nobody
competent will bother to check. Failure to perform the checks
correctly will not be obvious, everything will appear to work
securely.
Additionally I am guided by the principle that opportunistic (yes
DANE, STS for SMTP are still opportunistic) security must be as
simple as possible for the client, perhaps at an acceptable cost
increment to the server.
We clearly disagree on the relative importance of two valid concerns,
and neither of us is saying anything new, or is missing the other's
point. So we should stop here.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta