On 02/09/16 15:42, Daniel Margolis wrote:
> On Tue, Aug 9, 2016 at 4:49 PM Stephen Farrell <[email protected]>
> wrote:
>
>>
>> - 3.3: I forget why "policy.mta-sts" is what's prepended to the
>> policy domain. Personally, I dislike the two-level thing there
>> and don't see that it's useful. If you do keep it, then it'd be
>> good to justify it. But that's mostly a matter of taste I
>> think. OTOH, it might be a small barrier to deployments in some
>> places, not sure.
>>
>>
> The rationale here was that it's far more likely that someone gives
> untrusted users the ability to host untrusted content on a hostname of
> their choosing than on a sub-zone. E.g. tumblr.com, dyndns.org, etc, have
> the concern of someone registering "mta-sts.tumblr.com", but you can't (on
> those platforms) register "policy.mta-sts.tumblr.com", to my knowledge.
>
> This does make things a tad uglier, though, and I think it may even make it
> harder for some people to publish a policy with an existing wildcard
> certificate (e.g. *.example.com would not match).
>
> So I think it's worth getting feedback from the group on that tradeoff. Any
> opinions here?

I'd argue to ditch the two-level thing and go to one, e.g.
"mta-sts.example.com" or whatever string you like for that
hostname.

S

>
>
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
>
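
The wildcard-certificate point raised in the quoted rationale, as an added example that is not part of the thread: a sketch of left-most-label wildcard matching (the rule described in RFC 6125) applied to the one-level and two-level policy hostnames under discussion. The function names and the SAN lists are constructed for illustration.

```python
# Added example (not from the thread): which candidate policy hostnames
# an existing certificate would cover under left-most-label wildcard rules.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName pattern covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False                      # label counts must be equal
    if any("*" in label for label in p[1:] + h):
        return False                      # '*' only allowed in pattern's first label
    if p[0] == "*":
        # Require a registrable-looking suffix: reject patterns like "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial wildcards ("m*") not accepted here
    return p == h

# The two naming schemes debated in the thread.
POLICY_PREFIXES = ("mta-sts", "policy.mta-sts")

def policy_host_coverage(sans, domain):
    """Map each candidate policy hostname to whether any SAN covers it."""
    coverage = {}
    for prefix in POLICY_PREFIXES:
        host = f"{prefix}.{domain}"
        coverage[host] = any(san_matches(s, host) for s in sans)
    return coverage

if __name__ == "__main__":
    # Constructed SAN list: a typical existing wildcard certificate.
    existing_cert_sans = ["example.com", "*.example.com"]
    for host, ok in policy_host_coverage(existing_cert_sans, "example.com").items():
        print(f"{host}: {'covered' if ok else 'NOT covered'}")
```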
