On 12/6/16 6:19 PM, Viktor Dukhovni wrote: > On Tue, Dec 06, 2016 at 04:30:32PM -0800, Jim Fenton wrote: > >> It has been a little while, so I thought it might be appropriate to give >> the WG an update on the status of REQUIRETLS >> (draft-fenton-smtp-require-tls-02). > Is there any new thinking on supporting user signalling of TLS > opt-out? (Urgent, but non-sensitive message needs to get through > despite DANE or STS policy that might otherwise hinder delivery > when some operational snafu breaks the promised security features). > > I rather see opt-out as much more realistically useful than the > converse covered by REQUIRETLS. And I do still strongly believe > that the same spec should cover both halves of this problem. > I haven't thought about this suggestion much further; I haven't heard any further support for it.
As for usefulness, I tend to think of a (potentially) multi-hop store-and-forward protocol like SMTP as being the wrong way to send an urgent message in the first place. There are lots of operational snafus that might break email entirely in such a way that this downgrade won't recover from, so if someone has an urgent need to communicate, they need to have an independent way to do it. -Jim _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
