> On Aug 20, 2017, at 1:08 PM, Daniel Margolis <[email protected]> wrote:
>
> Policies fetched via HTTPS are only valid if the HTTP response code is 200
> (OK).
> HTTP 3xx redirects MUST NOT be followed, and HTTP caching (as specified in
> RFC7234) MUST NOT be used.
I forget, is non-support of redirects intended to simplify the policy retrieval
code at the sending MTA , or is it a security concern? I am all for making
the service accessible to bare-bones HTTPS implementations, and so am not asking
for redirect support, just wanted to check the motivation... Perhaps the
rationale
should be stated in the draft?
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
