On 11/17/17 6:28 AM, Eliot Lear wrote: > I've been watching the back and forth and trying to get my hands around > the technical issues between the two cases. The closest I see for a > technical explanation in this thread is this: > > > On 11/17/17 3:55 AM, Viktor Dukhovni wrote: >> As I pointed out in another message, BOTH REQUIRETLS=YES >> *and* REQUIRETLS=NO need to be encapsulated in headers, but >> the YES case *also* needs an ESMTP extension, while the >> NO case does not. It makes sense to define both in the >> same document. > For those of us who were not in the room, can someone explain the case > in technical detail for *not* doing REQUIRETLS=NO in the same document? > Jim?
The "yes" and "no" cases solve different problems: in the case of "yes" it's stating a security requirement, and in the case of "no" it's enhancing deliverability in the presence of MTA-STS or DANE policies. I can picture that some MTAs might deploy one and not the other, which makes it confusing if we're calling them both REQUIRETLS and putting them in the same specification. The "yes" case involves negotiation of an SMTP extension and may also involve the addition of a header field. The "no" case involves only the addition of a header field. -Jim _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
