On Fri, 17 Nov 2017, at 20:15, Viktor Dukhovni wrote:
>
>
>> On Nov 17, 2017, at 3:49 AM, Salz, Rich <[email protected]> wrote:
>>
>> I was there and I disagree with your characterization.
>
> I watched the entire session after the fact, I stand by my
> assessment that the conclusions were premature. I've been
> focused on this space for ~15 years now, so I am probably
> not making stuff up...

I have, admittedly, only been focused on this space for 13 years, which I guess means you win on pure number of years.

I was a person who stood up in both Prague and again in Singapore and argued for a header rather than REQUIRETLS=NO at SMTP stage.

I see no benefit to adding anything at SMTP stage, or even checking if the receiver claims to support REQUIRETLS. If you have a message that doesn't want TLS checking, then you need to try your best to deliver it regardless, so you won't be checking for this extension before trying to send.

> We should also keep in mind that as DANE and STS gain more
> adoption, it will be the "NO" case that will be far more
> useful to the majority of users. The "YES" case will see
> very little use. In particular email reports from the
> "tlsrpt" draft, will need "NO", to make sure they get to
> the problem destination, despite their expired or otherwise
> invalid certificates, disabled STARTTLS, ...

I agree with this. There needs to be a way to contact misconfigured sites.

Bron.

--
  Bron Gondwana, CEO, FastMail Pty Ltd
  [email protected]
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
