On 12/10/16 1:55 AM, [email protected] wrote:
>> On Fri, Dec 09, 2016 at 04:13:08PM -0000, John Levine wrote:
>>>> What would (for example) be the result if a client requested both
>>>> the REQUIRETLS and a separate MAYTLS feature?
>>> Given that mail servers will do whatever they want with REQUIRETLS
>>> suggestions, I wouldn't obsess about this.
>> I'm trying, without much success it seems, to explain why REQUIRETLS is
>> an incomplete take on the requirements for per-message TLS policy, and
>> why fragmenting the solution over multiple specifications would be a bad
>> idea.
>> I am not too worried about what MTAs will or won't do with per-message
>> REQUIRETLS, just pointing out non-orthogonal features which hint at the
>> need for a single spec.  I rather expect that the "require" side of the
>> per-message policy will see exceedingly little use.
> Yep. To the point where I cannot possibly justify implementing this proposal
> unless it also includes the MAY option, which looks to me to be far more
> useful.

It seems that Viktor and I have differing views on the usefulness of
MAYTLS and REQUIRETLS. That said, I agree that it doesn't make sense to
have two mechanisms for this, so I will try to formulate a hybrid
mechanism for the next iteration of the draft.

However, I'm a little concerned that the MAYTLS part of this may
directly contradict the policy of the SMTP server. RFC 7671 section 4.1
says, "if usable secure TLSA records are published, authentication MUST
succeed." There would be a similar conflict for SMTP STS. Wouldn't it be
presumptuous for this specification to attempt to supersede those
requirements?

-Jim
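
[Editor's note, not part of the thread.] The conflict Jim raises above is easiest to see as a precedence decision in the sending MTA: a domain-level policy (DANE secure TLSA records per RFC 7671 section 4.1, or an SMTP STS policy in enforce mode) says authentication MUST succeed, while a per-message MAYTLS would ask to fall back to cleartext. The sketch below is an added illustration, not code from the draft or from any MTA; the enum names, the "defer" action and the rule that domain policy is never relaxed by MAYTLS are assumptions chosen to make the interaction concrete.

```python
# Added illustration (not from the thread or the REQUIRETLS draft): how a
# sending MTA might combine a per-message TLS preference (REQUIRETLS /
# MAYTLS) with a domain-level policy (DANE per RFC 7671, or SMTP STS).
# Names, actions and the precedence rule are assumptions for this example.
from dataclasses import dataclass
from enum import Enum


class DomainPolicy(Enum):
    """What the recipient domain publishes (three assumed cases)."""
    NONE = "none"                # no secure TLSA records, no STS policy
    DANE_SECURE = "dane-secure"  # usable, DNSSEC-validated TLSA records
    STS_ENFORCE = "sts-enforce"  # SMTP STS policy in enforce mode


class MessagePolicy(Enum):
    """Per-message preference carried with the message (assumed names)."""
    DEFAULT = "default"          # no preference: opportunistic TLS
    REQUIRETLS = "requiretls"    # sender requires authenticated TLS
    MAYTLS = "maytls"            # sender accepts cleartext if TLS fails


class TlsOutcome(Enum):
    """Result of the STARTTLS attempt to the next hop."""
    NONE = "none"                        # no TLS negotiated
    UNAUTHENTICATED = "unauthenticated"  # TLS up, peer not authenticated
    AUTHENTICATED = "authenticated"      # TLS up, peer authenticated


@dataclass(frozen=True)
class Decision:
    action: str   # "deliver" or "defer"
    reason: str


def resolve(domain: DomainPolicy, message: MessagePolicy,
            outcome: TlsOutcome) -> Decision:
    """Decide whether to hand the message to the next hop.

    Assumed precedence: a domain policy that requires authentication
    (RFC 7671 4.1: "if usable secure TLSA records are published,
    authentication MUST succeed"; likewise STS enforce) is never relaxed by
    a per-message MAYTLS. A per-message REQUIRETLS can only tighten.
    """
    authenticated = outcome is TlsOutcome.AUTHENTICATED

    # 1. Domain policy first: it binds regardless of the message preference.
    if domain in (DomainPolicy.DANE_SECURE, DomainPolicy.STS_ENFORCE):
        if authenticated:
            return Decision("deliver", f"{domain.value}: authenticated TLS")
        return Decision("defer", f"{domain.value}: authentication required, "
                                 f"got {outcome.value}; MAYTLS does not override")

    # 2. No domain policy: the per-message preference decides.
    if message is MessagePolicy.REQUIRETLS:
        if authenticated:
            return Decision("deliver", "requiretls: authenticated TLS")
        return Decision("defer", f"requiretls: got {outcome.value}")

    # DEFAULT and MAYTLS both fall back to opportunistic delivery here;
    # MAYTLS merely states that preference explicitly.
    return Decision("deliver",
                    f"{message.value}: opportunistic, got {outcome.value}")


if __name__ == "__main__":
    # Constructed cases covering the conflict discussed in the thread.
    cases = [
        (DomainPolicy.DANE_SECURE, MessagePolicy.MAYTLS, TlsOutcome.UNAUTHENTICATED),
        (DomainPolicy.DANE_SECURE, MessagePolicy.MAYTLS, TlsOutcome.AUTHENTICATED),
        (DomainPolicy.STS_ENFORCE, MessagePolicy.DEFAULT, TlsOutcome.NONE),
        (DomainPolicy.NONE, MessagePolicy.REQUIRETLS, TlsOutcome.UNAUTHENTICATED),
        (DomainPolicy.NONE, MessagePolicy.MAYTLS, TlsOutcome.NONE),
        (DomainPolicy.NONE, MessagePolicy.DEFAULT, TlsOutcome.NONE),
    ]
    for d, m, o in cases:
        r = resolve(d, m, o)
        print(f"{d.value:12} {m.value:10} {o.value:16} -> {r.action}: {r.reason}")
```

Under these assumptions the first case (secure TLSA published, MAYTLS on the message, TLS up but unauthenticated) is deferred, which is the outcome RFC 7671 demands and the one a per-message MAY would otherwise try to override.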


_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
