On Thu, Aug 11, 2016 at 08:19:06PM +0000, Binu Ramakrishnan wrote:
> We appreciate your time and effort reviewing our draft. Lately we had some
> discussions related to policy cache and refresh in GitHub. One proposal
> was not to depend on DNS beyond initial discovery. We have some flow
> diagrams (#72) in the below links that provide some insights to what I'm
> referring to.
> https://github.com/mrisher/smtp-sts/issues/62
Keep in mind that polling for fresh policy (synchronous or not)
will only happen as part of a mail delivery to the destination
domain. A quick DNS lookup as part of each delivery works just
fine. It is far from clear under what conditions an MTA delivering
a message would choose to contact the HTTPS policy endpoint.
Refreshing all cached destinations once a day seems rather wasteful
and needlessly slow to notice intra-day changes.
Changes in the DNS id can be more timely and are much cheaper to
detect than changes in the HTTPS resource. I'm reluctant to
recommend just HTTPS polling for refresh.
--
Viktor.
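The refresh strategy Viktor describes (a cheap DNS lookup on every delivery, with the HTTPS policy endpoint contacted only when the DNS id changes or the cached policy expires) written out as an added example, not code from this thread or from the smtp-sts project. The TXT record (`v=STSv1; id=...`) and policy-file layout follow RFC 8461, which post-dates this discussion; the domain names, record contents, the `dns_lookup`/`https_fetch` callables and the `PolicyCache` type are constructed for the example.

```python
"""Added example: per-delivery MTA-STS policy refresh driven by the DNS id.
HTTPS is only contacted when the DNS id differs from the cached one or the
cached policy has passed its max_age. Record and policy formats per RFC 8461;
sample data below is constructed, not taken from any real domain."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class CachedPolicy:
    policy_id: str      # id seen in DNS when this policy was fetched
    fetched_at: float   # seconds (any monotonic clock)
    max_age: int        # seconds, from the policy body
    body: dict


@dataclass
class PolicyCache:
    entries: Dict[str, CachedPolicy] = field(default_factory=dict)
    https_fetches: int = 0  # counter: how often HTTPS was actually contacted


def parse_sts_txt(txt: str) -> Optional[str]:
    """Return the id from a 'v=STSv1; id=...' TXT record, or None if malformed."""
    fields = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k.strip()] = v.strip()
    if fields.get("v") != "STSv1":
        return None
    pid = fields.get("id", "")
    # RFC 8461 restricts id to 1..32 alphanumeric characters
    return pid if re.fullmatch(r"[A-Za-z0-9]{1,32}", pid) else None


def parse_policy_body(body: str) -> Optional[dict]:
    """Parse the 'key: value' lines of an mta-sts.txt policy; None if invalid."""
    policy: dict = {"mx": []}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" not in line:
            return None
        k, v = (s.strip() for s in line.split(":", 1))
        if k == "mx":
            policy["mx"].append(v)      # mx may repeat
        else:
            policy[k] = v
    if policy.get("version") != "STSv1":
        return None
    if policy.get("mode") not in ("enforce", "testing", "none"):
        return None
    try:
        policy["max_age"] = int(policy["max_age"])
    except (KeyError, ValueError):
        return None
    return policy


def policy_for_delivery(cache: PolicyCache, domain: str, now: float,
                        dns_lookup: Callable[[str], Optional[str]],
                        https_fetch: Callable[[str], Optional[str]]
                        ) -> Tuple[Optional[dict], str]:
    """Decide at delivery time which policy applies. The second element names
    the path taken: 'dns-only' (id unchanged, cache valid), 'https' (fresh
    fetch), 'cached' (DNS or HTTPS unavailable, unexpired cache reused), 'none'."""
    cached = cache.entries.get(domain)
    unexpired = cached is not None and now < cached.fetched_at + cached.max_age
    txt = dns_lookup(domain)                       # the cheap per-delivery check
    dns_id = parse_sts_txt(txt) if txt else None
    if dns_id is None:
        # No usable TXT record: keep an unexpired cached policy, else no policy
        return (cached.body, "cached") if unexpired else (None, "none")
    if unexpired and cached.policy_id == dns_id:
        return cached.body, "dns-only"
    # Only an id change or expiry reaches the HTTPS endpoint
    cache.https_fetches += 1
    body = https_fetch(domain)
    policy = parse_policy_body(body) if body else None
    if policy is None:
        # Fetch failed or policy malformed: old policy stays valid until it expires
        return (cached.body, "cached") if unexpired else (None, "none")
    cache.entries[domain] = CachedPolicy(dns_id, now, policy["max_age"], policy)
    return policy, "https"


def simulate() -> Tuple[List[str], int]:
    """Constructed scenario: five deliveries a minute apart, then the domain
    publishes a new policy under a new id. HTTPS should be hit exactly twice."""
    dns = {"example.com": "v=STSv1; id=20160811a"}
    policies = {"example.com": "version: STSv1\nmode: enforce\n"
                               "mx: mail.example.com\nmax_age: 86400\n"}
    cache = PolicyCache()
    actions = [policy_for_delivery(cache, "example.com", i * 60.0,
                                   dns.get, policies.get)[1] for i in range(5)]
    dns["example.com"] = "v=STSv1; id=20160811b"          # operator bumps the id
    policies["example.com"] = policies["example.com"].replace("mail.", "mx2.")
    actions.append(policy_for_delivery(cache, "example.com", 400.0,
                                       dns.get, policies.get)[1])
    return actions, cache.https_fetches


if __name__ == "__main__":
    print(simulate())
```

The counter in `simulate()` makes the cost argument concrete: six deliveries, six DNS lookups, two HTTPS fetches, and the id change is noticed on the very next delivery rather than at the next daily refresh. A DNS outage or a failed fetch falls back to the unexpired cached policy instead of silently downgrading to no policy.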
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta