> On 10 May 2016, at 05:44, John Levine <[email protected]> wrote:
>
> It occurs to me that another reason to prefer out of band reporting is
> that it's a lot easier to ramp up.
>
> My impression is that many, perhaps most, existing MTAs can be
> configured to do STARTTLS. But of course, at this point none of them
> have any reporting extensions. Viktor and I can write reporting
> extensions for our favorite MTAs, but under the most optimistic
> scenario it'll take quite a while for those extensions to become
> popular in all the MTAs that people use, and no extension, no in-band
> reporting.

Ask the package maintainer of your favourite distro to update in time. Extensions and updates must happen eventually, we can't support CentOS 5 machines only because there're many. This isn't really something that should even come up during a discussion on an IETF document, is it?

> On the other hand, you can set up out of band reporting with a DNS
> record pointing to the URL, and a little mail handling script or web
> CGI script to accept all of your reports, no MTA patches needed. Once
> you start getting the reports, you can start adjusting the existing
> STARTTLS configs, again most likely no MTA patches needed.

DNS isn't MITM safe. DNSSEC non-existent.
Also: I'd rather not see hacked-up cronjobs but proper implementations.

Aaron
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
