On Fri, May 06, 2016 at 12:32:59AM +0700, Aaron Zauner wrote:
> I think the primary virtue of accepting HTTP/S reports is really in the
> case where the recipient has a severely misconfigured MTA. Hopefully in
> that case the report sender can still make an insecure SMTP connection,
> but it's possible not.
There's at least one common-mode failure for STS and HTTPS, namely
expiration of a wildcard certificate that is used for both the
email and HTTPS servers.
> So in that case why not prefer a secure HTTPS connection over an insecure
> SMTP connection?
We're discussing an error reporting mechanism, not a secure message
delivery mechanism. It should be possible to deliver the bad news
even under adverse conditions.
If the reports contain sensitive data, let's simplify the reports
to contain less of it. In most cases, a boolean "your cert chain
fails to verify for domain D at MX host H" is quite sufficient.
The SMTP message would be sent via opportunistic TLS, with fallback
to cleartext if STARTTLS fails or is not advertised.
For example:
lojabrum.com.br. IN MX 10 smtp.lojabrum.com.br. ; AD=1
_25._tcp.smtp.lojabrum.com.br. IN TLSA 3 1 1
d6e78498aeadde76946c27b44a728bac7257f3eb5dca5a0745abfa75d5fe461f
smtp.lojabrum.com.br. IN A 200.160.111.140 ; STARTTLS not offered
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
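The delivery behaviour Viktor describes (a minimal boolean report, sent over opportunistic STARTTLS with fallback to cleartext when STARTTLS is not advertised or fails) as an added example that is not part of the original message. The report wording, the `tls-reports@` mailboxes and the `FakeSmtp` simulator are assumptions made for illustration; `deliver_report` itself only uses the `smtplib.SMTP` interface, so a real `lambda: smtplib.SMTP(host, 25)` can be passed as `connect`.

```python
"""Deliver a minimal TLS-failure report with opportunistic STARTTLS and
cleartext fallback.  Added example; the mailbox names and FakeSmtp are
assumptions, not part of the original message."""
import smtplib
import ssl
from email.message import EmailMessage


def build_report(domain: str, mx_host: str) -> EmailMessage:
    """Boolean report only: no chains, no session transcripts, so little
    is lost if the report itself ends up travelling in the clear."""
    msg = EmailMessage()
    msg["From"] = "tls-reports@sender.example"   # assumed sender address
    msg["To"] = f"tls-reports@{domain}"          # assumed reporting mailbox
    msg["Subject"] = f"TLS failure report for {domain}"
    msg.set_content(
        f"Your certificate chain fails to verify for domain {domain} "
        f"at MX host {mx_host}.\n")
    return msg


def deliver_report(connect, msg: EmailMessage, context=None) -> str:
    """Send msg over a fresh session from connect(), encrypting when possible.

    Returns the channel actually used, for logging:
      "tls"             STARTTLS advertised and handshake succeeded
      "cleartext"       STARTTLS not advertised; sent in the clear
      "cleartext-retry" STARTTLS advertised but failed; reconnected, sent in the clear
    """
    context = context or ssl.create_default_context()
    # The recipient's TLS is already known to be broken (that is the news we
    # carry), so encrypt when offered but never block on certificate checks.
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE

    smtp = connect()
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            smtp.send_message(msg)
            return "cleartext"
        try:
            smtp.starttls(context=context)
        except (smtplib.SMTPException, ssl.SSLError, OSError):
            # Session state after a failed STARTTLS is unreliable: start over
            # on a new connection rather than continuing on the old one.
            try:
                smtp.close()
            except OSError:
                pass
            smtp = connect()
            smtp.ehlo()
            smtp.send_message(msg)
            return "cleartext-retry"
        smtp.ehlo()  # EHLO again after the handshake (RFC 3207)
        smtp.send_message(msg)
        return "tls"
    finally:
        try:
            smtp.quit()
        except (smtplib.SMTPException, OSError):
            pass


class FakeSmtp:
    """Constructed in-memory stand-in for smtplib.SMTP (offline simulation)."""

    def __init__(self, advertises_starttls: bool, starttls_ok: bool, log: list):
        self.advertises, self.starttls_ok, self.log = advertises_starttls, starttls_ok, log
        self.encrypted = False

    def ehlo(self):
        return (250, b"mx.example\nSTARTTLS" if self.advertises else b"mx.example")

    def has_extn(self, name: str) -> bool:
        return self.advertises and name.lower() == "starttls"

    def starttls(self, context=None):
        if not self.starttls_ok:
            raise smtplib.SMTPResponseException(454, b"TLS not available")
        self.encrypted = True
        return (220, b"Ready to start TLS")

    def send_message(self, msg):
        self.log.append(("tls" if self.encrypted else "clear", msg["Subject"]))

    def close(self):
        pass

    def quit(self):
        return (221, b"Bye")


def simulate(advertises: bool, starttls_ok: bool):
    """Run one delivery against a simulated MX; returns (channel, what it saw)."""
    log = []
    msg = build_report("lojabrum.com.br", "smtp.lojabrum.com.br")
    channel = deliver_report(lambda: FakeSmtp(advertises, starttls_ok, log), msg)
    return channel, log


if __name__ == "__main__":
    # The case in the message above: TLSA published, STARTTLS not offered.
    print(simulate(advertises=False, starttls_ok=True))
    print(simulate(advertises=True, starttls_ok=True))
    print(simulate(advertises=True, starttls_ok=False))
```

Two points worth noting about the design: the fallback after a failed STARTTLS deliberately reconnects instead of continuing on the same socket, because after a rejected STARTTLS or a failed handshake the session state is not trustworthy; and the send over TLS is outside the `except`, so a recipient rejection after a successful handshake is reported as an error rather than silently retried in cleartext.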