It occurs to me that another reason to prefer out of band reporting is that it's a lot easier to ramp up.
My impression is that many, perhaps most, existing MTAs can be configured to do STARTTLS. But of course, at this point none of them have any reporting extensions. Viktor and I can write reporting extensions for our favorite MTAs, but under the most optimistic scenario it'll take quite a while for those extensions to become popular in all the MTAs that people use, and no extension, no in-band reporting. On the other hand, you can set up out of band reporting with a DNS record pointing to the URL, and a little mail handling script or web CGI script to accept all of your reports, no MTA patches needed. Once you start getting the reports, you can start adjusting the existing STARTTLS configs, again most likely no MTA patches needed. R's, John _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
