Hi! Happy new year!

I had some time during the holidays and started to do a basic
implementation of the latest MTA-STS draft.

While doing so, there were a couple of things I wasn't sure about, so I
thought I'd ask:

- What happens if the "mx" field is missing from the policy?
  Should the MTA skip checking the field but honour the rest of the policy,
  treat the policy as invalid, or assume no MX is valid?

- For the case of an internationalized domain name, should the "mx" field
  include domain patterns in their U form (e.g. "*.ñaca.com"), their A form
  ("*.*.xn--aca-6ma.com"), or can both be present?

- The TXT record is on "_mta-sts" but the policy is on "mta-sts". Is that
  intentional? Why not put both on the same domain, to simplify things?

- The draft says that clients MUST check the TXT record, but it seems to me
  it's totally possible to make a reasonable implementation without doing so.
  Is it worth using "MUST" for this?
  I imagine this is related to the previous discussion we had, but
  forcing MTAs to check seemed quite strong so I was wondering if
  there was something else.


Thanks!
                Alberto


In case you're curious, the implementation I have so far is at
https://blitiri.com.ar/git/r/chasquid/b/sts/, in particular
https://blitiri.com.ar/git/r/chasquid/c/febad008f38c9ac980a4c0a6179a7681fed7f125/
(patch and branch are subject to rebasing).

It's mostly fetching, parsing and checking. It has no caching or
reporting yet; I will add them later, but thought these questions are
independent anyway.

The integration into the MTA itself will come later too, but I expect it
to be roughly similar to the integration into the smtp-check tool, which
is included.
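The questions above about the "mx" field and U-label versus A-label patterns, as an added example that is not part of the original mail or of chasquid. It assumes the "key: value" policy syntax of the published RFC 8461 (which may differ from the draft being implemented here), uses Python's stdlib idna codec to compare patterns and MX hosts in A-label form, and treats a missing "mx" in a non-"none" policy as invalid, which is this example's choice rather than something the draft states.

```python
MODES = ("enforce", "testing", "none")  # assumed: RFC 8461 mode names


def to_alabel(name: str) -> str:
    """Normalise a host name to its lower-cased A-label (xn--) form.

    Python's idna codec passes ASCII labels through untouched, so the
    explicit lower() keeps "MAIL.XN--ACA-6MA.COM" comparable too."""
    return name.rstrip(".").encode("idna").decode("ascii").lower()


def parse_policy(text: str) -> dict:
    """Parse 'key: value' lines into a dict; 'mx' may repeat.

    A missing 'mx' with a mode other than 'none' is rejected here; that is
    an implementation choice for this example, not a rule from the draft."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if policy.get("mode") not in MODES:
        raise ValueError("unsupported or missing mode")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy has no mx patterns")
    return policy


def mx_matches(pattern: str, host: str) -> bool:
    """A leading '*.' matches exactly one label (RFC 8461 semantics, assumed).

    Both sides are converted to A-labels first, so a policy written with
    "*.ñaca.com" and an MX returned as "mail.xn--aca-6ma.com" still match."""
    host = to_alabel(host)
    if pattern.startswith("*."):
        suffix = to_alabel(pattern[2:])
        return "." in host and host.split(".", 1)[1] == suffix
    return to_alabel(pattern) == host


def mx_allowed(policy: dict, host: str) -> bool:
    """True if any 'mx' pattern in the parsed policy covers the MX host."""
    return any(mx_matches(p, host) for p in policy["mx"])
```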

_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta