>Incompetence will show up consistently and therefore can be detected by >a considerably simpler mechanism: a testing site, like Qualys SSL Labs. >I see that there is a checktls.com that does exactly this. Incompetent >email operators will probably not implement reporting anyway. > >Reporting is, however, useful for detecting TLS breakages that don't >consistently show up, which are much more likely to be caused by, as you >put it, "evil".
Maybe, maybe not. If you have several MTAs behind a load balancer, or geographically distributed MTAs with the usual DNS tricks to point people at the closest host, and one is misconfigured, the symptom would be flakiness. A one-off test like Qualys does would likely to hit one of the good ones. R's, John _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
