On Tue, May 10, 2016 at 01:15:34AM -0000, John Levine wrote:
> >Legacy MTAs also won't have STS support. We won't get new security
> >capabilities ex nihilo.
>
> If you want to do the client stuff, you need new code in the MTA, but
> for the server side part, publishing a statement saying here's the
> names of my MXes and what their certificates should look like, you
> don't. Just stick the info on a web server, publish a DNS record or
> two to point at it, and you're all set.
The proposal is exceedingly simple. Instead of just sending "QUIT"
when TLS peer authentication fails, (or STARTTLS is not offered),
the SMTP client may be able to send a one line TLS status command.
Some MTAs would support this and some wouldn't. Over time likely
more would than won't. Lack of day-one support is not a valid
objection.
I'm proposing an *additional* notification channel that can be more
timely, and does not require the use of any third parties to which
one discloses one's traffic details, or publication of any email
addresses for receiving reports that may get spammed, or require
custom plumbing for report processing.
In Postfix, I can provide built-in support for the new verb in
a way that consolidates notices for reporting to the system
administrator.
Nothing you've said in this thread makes the proposal impractical
as an *additional* mechanism for notification. I am done with this
thread. Over and out.
--
Viktor.
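Added illustration of the exchange described above (not code from this thread, from Postfix, or from any MTA): a simulated SMTP client that, after TLS peer authentication fails or STARTTLS is not offered, sends a one-line status command before QUIT, against one receiving MTA that understands the verb and one legacy MTA that rejects it, plus the server-side consolidation of notices for the local administrator. The verb name `TLSSTATUS`, the reply codes and the reason tokens are assumptions; the thread does not define any of them.

```python
# Added example for the proposed one-line TLS status notification.
# The verb name, reply codes and reason tokens are assumptions (the thread
# names none); the servers are in-memory stand-ins, not real MTAs.
from collections import Counter
from dataclasses import dataclass, field

# Hypothetical verb name for the proposed notification command.
STATUS_VERB = "TLSSTATUS"


@dataclass
class SimulatedServer:
    """Minimal stand-in for the receiving MTA's command handler."""
    supports_status_verb: bool
    notices: list = field(default_factory=list)

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        if verb == STATUS_VERB:
            if self.supports_status_verb:
                # Keep the notice locally for the administrator; no third-party
                # report endpoint and no published reporting address involved.
                self.notices.append(arg)
                return "250 2.0.0 TLS status noted"
            # A legacy MTA treats the new verb like any unknown command.
            return "500 5.5.1 Command unrecognized"
        return "502 5.5.2 Command not implemented"


def report_tls_failure(server: SimulatedServer, client_host: str, reason: str):
    """Client side: instead of sending only QUIT after a TLS failure, first try
    the one-line status command, then QUIT regardless of the reply.
    Returns (accepted, transcript)."""
    transcript = []
    status_line = f"{STATUS_VERB} {client_host} {reason}"
    reply = server.handle(status_line)
    transcript.append((status_line, reply))
    accepted = reply.startswith("250")
    reply = server.handle("QUIT")
    transcript.append(("QUIT", reply))
    return accepted, transcript


def consolidate_notices(notices):
    """Server side: collapse raw notices into per-reason counts for an admin summary."""
    counts = Counter()
    for notice in notices:
        _host, _, reason = notice.partition(" ")
        counts[reason] += 1
    return dict(counts)


if __name__ == "__main__":
    # Constructed sample: one MTA that supports the verb, one that does not.
    new_mta = SimulatedServer(supports_status_verb=True)
    legacy_mta = SimulatedServer(supports_status_verb=False)
    samples = [
        ("mail-a.example", "cert-name-mismatch"),
        ("mail-b.example", "starttls-not-offered"),
        ("mail-c.example", "cert-name-mismatch"),
    ]
    for host, reason in samples:
        print(report_tls_failure(new_mta, host, reason))
        print(report_tls_failure(legacy_mta, host, reason))
    print(consolidate_notices(new_mta.notices))
    print(consolidate_notices(legacy_mta.notices))
```

The client never depends on the reply: a 500 from a legacy MTA costs one round trip and nothing else, which is the "some would support this and some wouldn't" case, while a supporting MTA ends up with a local notice list that can be summarised for its administrator.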
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta