On 11/16/17 3:29 PM, Viktor Dukhovni wrote: > Just listening to the recording of the meeting about sensitivity of > reports. One thing to keep in mind is that reports will often need > to be sent to the very domain which is failing STS validation, so > in fact one may well need to deliver the reports at *reduced* > security, relative to normal mail traffic, so that the reports get > through! > > Therefore, the considerations as such should not mandate strong > transport protection, but rather should only promote avoiding > putting anything in the report that would not already be observed > by a passive wiretap. > We weren't talking about mandating anything, just saying something in the spec to cause people to think about it. It might be the case that some report recipients don't want to use SMTP for their reports at all.
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
