Hi Victor,
Thank you for the feedback. We will update the document and provide some
guidance on reverse-proxy operations.
-binu
From: Viktor Dukhovni <[email protected]>
To: [email protected]
Sent: Friday, 29 September 2017 2:18 PM
Subject: Re: [Uta] Updated MTA-STS & TLSRPT
On Fri, Sep 29, 2017 at 08:59:58PM +0000, Binu Ramakrishnan wrote:
> IMO, whether to support 30x redirects or just depend on reverse-proxy
> mechanism is a question of preference. Though both can satisfy policy
> delegation, I would prefer the later because, as a MTA-STS implementor,
> I do not need write additional code (and related tests) to support 30x
> redirects. Like Leif mentioned, all modern general purpose web servers
> are equally good with both redirects and reverse-proxy.
In that case, reverse-proxy it is, but users will likely seek to
configure some sort of caching in the reverse proxy, and the document
should perhaps provide some guidance about that (and of course
stress that the reverse proxy needs to validate the upstream
certificate, if that language is not there already).
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
