> On Dec 14, 2016, at 3:20 PM, Alberto Bertogli <[email protected]> wrote:
> 
> As I see it, going HTTPS-only now in the interest of increasing adoption
> and aiming at making it easier to extend the policy in the future is a
> better tradeoff than going with DNS now and having to tweak/change it
> later when expansions appear.

I would not support implementation in Postfix of a protocol that causes
the SMTP client to trigger unsolicited HTTPS probes for all destination
domains.  The proposed DNS probe is cheap and cached by the local resolver.
HTTPS probes are then only initiated for domains that publish a new policy
ID (or whose cached policy is sufficiently near expiration).

The proposed DNS record can also be used to expedite policy refresh without
requiring frequent HTTPS polling.  I'd like to see the DNS record retained,
and would recommend avoiding an over-engineered kitchen-sink policy mechanism.

-- 
        Viktor.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
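
The refresh logic described in the message above, sketched as an added example (not part of the original post and not Postfix code). It assumes the TXT record syntax later published in RFC 8461 (`v=STSv1; id=...`); `CachedPolicy`, `REFRESH_MARGIN` and the function names are hypothetical, and the caller is assumed to have already done the cheap, resolver-cached TXT lookup.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

REFRESH_MARGIN = 3600  # assumed value: refetch when under an hour of cache lifetime is left


@dataclass
class CachedPolicy:
    policy_id: str     # id seen in DNS when the policy was last fetched over HTTPS
    expires_at: float  # epoch seconds at which the cached policy lapses


def parse_sts_id(txt_records: List[str]) -> Optional[str]:
    """Return the policy id from the TXT RRset, or None if no usable record exists."""
    sts = []
    for rec in txt_records:
        fields = [f.strip() for f in rec.split(";") if f.strip()]
        if fields and fields[0] == "v=STSv1":
            sts.append(fields)
    if len(sts) != 1:  # zero or several STSv1 records: treat as "no policy published"
        return None
    kv = {k.strip(): v.strip() for k, v in (f.split("=", 1) for f in sts[0] if "=" in f)}
    pid = kv.get("id", "")
    return pid if re.fullmatch(r"[A-Za-z0-9]{1,32}", pid) else None


def needs_https_fetch(txt_records: List[str], cached: Optional[CachedPolicy], now: float) -> bool:
    """Decide whether the SMTP client should contact the HTTPS policy host."""
    pid = parse_sts_id(txt_records)
    if cached is None:
        # Domains that publish no record never receive an unsolicited HTTPS probe.
        return pid is not None
    if pid is not None and pid != cached.policy_id:
        return True  # the domain published a new policy ID
    return cached.expires_at - now <= REFRESH_MARGIN  # cached policy is near expiration


if __name__ == "__main__":
    # Constructed sample data, not taken from any real domain.
    cache = CachedPolicy("20161201000000Z", expires_at=1_000_000.0)
    print(needs_https_fetch(["v=STSv1; id=20161214152000Z;"], cache, now=0.0))
```
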
