Hi!
I recently came across the MTA STS draft as part of some SMTP work I'm
doing in my spare time.
I really like the end goals of it, and would love to see them widely
deployed.
However, I couldn't help but find it a bit complex, in particular in
ways that I think will make it difficult for smaller domains to adopt.
While surely it's not outside the abilities of a strong dedicated team
or a careful individual, it requires significant domain knowledge in a
few areas, and is easier to get wrong.
In particular:
- Requiring additional DNS records makes it more difficult to set up.
- Having to keep the IDs in sync between the DNS records and the HTTPS
policy is, IMO, a significant operational burden, and makes it more
difficult to "get it right" when making changes.
- The above also carries a complexity overhead in the RFC itself and the
software implementation, by having to consider the interactions
between the two (such as the caching logic, multiple level domains,
etc.).
I was wondering if you had any rationale about those decisions that
would help me understand why the current draft chose to go in this
direction, instead of potentially simpler approaches.
I hope this doesn't come across the wrong way, I debated whether to send
this or not, but seeing the invitation to comment on your git repository
tipped the scale :)
Thanks a lot!
Alberto
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta