On Mon, May 09, 2016 at 05:59:09PM -0000, John Levine wrote:

> >Definitely not mutually exclusive.  The case I'm trying to make is
> >that the initial operational priority is timely notification of
> >misconfiguration (expired, untrusted or wrong name certs).
> 
> I'd really like to hear from people who plan to implement this
> at scale rather than guessing what they will find important.

You seem rather sure and repeatedly suggest that I have no relevant
operational experience and that I'm "guessing" or I am not one of
the exalted elite who operate SMTP at scale.  To be honest that's
rather patronizing and you should stop.

For two years I've been monitoring the deployment of authentication
for SMTP (the distinction between DANE and STS is not especially
relevant here) and notifying administrators of errant MX hosts.
It is quite clear that misconfiguration notifications are and will
continue to be important.

Prior to that for a decade I was operating PKIX mandatory TLS
peering relationships for a "too big to fail" financial with 80,000
users, and supported TLS for a large community of Postfix users.
Microsoft reached out to me for advice when they were designing
improved TLS support in Exchange 2007 and implemented a few of the
key suggestions.  I've more experience in this space than the folks
you're suggesting I need to defer to.

-- 
        Viktor.

_______________________________________________
Uta mailing list
uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
