Just listening to the recording of the meeting about sensitivity of
reports. One thing to keep in mind is that reports will often need
to be sent to the very domain which is failing STS validation, so
in fact one may well need to deliver the reports at *reduced*
security, relative to normal mail traffic, so that the reports get
through!
Therefore, the considerations as such should not mandate strong
transport protection, but rather should only promote avoiding
putting anything in the report that would not already be observed
by a passive wiretap.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
