On 12/16/16 3:31 PM, Viktor Dukhovni wrote:
>> On Dec 16, 2016, at 5:53 PM, Jim Fenton <[email protected]> wrote:
>>
>> It seems that Viktor and I have differing views on the usefulness of
>> MAYTLS and REQUIRETLS. That said, I agree that it doesn't make sense to
>> have two mechanisms for this, so I will try to formulate a hybrid
>> mechanism for the next iteration of the draft.
>
> Thanks. With that out of the way, I can elaborate on some of the policy
> details that need to be discussed as part of this.
>

I'm working on the revision of the REQUIRETLS draft, and ran into a situation with "MAYTLS" that I'm not sure how to resolve.
In the case of REQUIRETLS, it makes sense to make sure that the SMTP server to which the message is being sent supports REQUIRETLS, because otherwise the REQUIRETLS characteristics of the message will be lost and the message may be sent in the clear on a subsequent hop. But with MAYTLS (or what I'm thinking of as REQUIRETLS=NO, since it's asking that TLS not be required), there are two ways to handle this:

1. Go ahead and send the message to an SMTP server not supporting the extension. But then the sender's request to send regardless of DANE or STS policy gets lost on subsequent hops. If the need was only to do this for a single hop, the SMTP client can just ignore the DANE or STS policy and wouldn't need the extension at all.

2. Make sure that the server supports the extension, but then the message will be more likely to be blocked/bounced, which is the opposite of the sender's intent (this is for urgent, non-sensitive messages).

In other words, MAYTLS is very fragile unless onward support is confirmed, and doing so is likely to run counter to the sender's request.

Thoughts?

-Jim

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
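The relay decision the message above describes, written out as an added example (not code from the REQUIRETLS draft or from the list participants): it models a next hop's EHLO advertisement and TLS/policy state and shows how a message tagged REQUIRETLS, or REQUIRETLS=NO in the "MAYTLS" sense, fares under each of the two options. The parameter spellings, the field names and the EHLO keyword check are assumptions.

```python
# Added illustration; the MAIL FROM parameter forms, dataclass fields and the
# EHLO keyword "REQUIRETLS" are assumptions, not taken from the draft.
from dataclasses import dataclass
from typing import Optional, Tuple

REQUIRE, MAY = "REQUIRETLS", "REQUIRETLS=NO"   # assumed parameter spellings


@dataclass
class NextHop:
    ehlo_keywords: Tuple[str, ...]   # keywords from the server's EHLO response
    tls_authenticated: bool          # TLS negotiated and passed DANE / MTA-STS checks
    policy_requires_tls: bool        # a DANE or MTA-STS policy demands authenticated TLS

    def supports_requiretls(self) -> bool:
        # Assumed: onward support is signalled by a "REQUIRETLS" EHLO keyword.
        return "REQUIRETLS" in {k.upper() for k in self.ehlo_keywords}


def decide(request: Optional[str], hop: NextHop, maytls_option: int = 1) -> str:
    """Return 'send', 'send-degraded' (relayed, but the sender's request is
    dropped at this hop) or 'bounce'. maytls_option 1 or 2 selects the
    handling of REQUIRETLS=NO described in the message."""
    if request == REQUIRE:
        # Authenticated TLS on this hop AND onward support are both needed;
        # otherwise the requirement could be lost and the mail sent in clear.
        if hop.tls_authenticated and hop.supports_requiretls():
            return "send"
        return "bounce"
    if request == MAY:
        # Sender asked for delivery even where DANE/STS policy would block,
        # so the policy outcome on this hop is deliberately not consulted.
        if hop.supports_requiretls():
            return "send"
        if maytls_option == 1:
            return "send-degraded"   # delivered, but MAYTLS is lost downstream
        return "bounce"              # option 2: unconfirmed onward support
    # No request on the message: ordinary DANE / MTA-STS enforcement applies.
    if hop.policy_requires_tls and not hop.tls_authenticated:
        return "bounce"
    return "send"
```

The contrast worth noticing is the legacy hop with a failing policy check: option 1 delivers it with the request stripped, option 2 bounces it, and a message with no request at all is bounced by policy alone.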
