> > On Mar 22, 2018, at 3:59 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net> 
> > wrote:
> >
> > can't they opt-out by re-sending to their submission agent without the
> > REQUIRETLS SMTP command?  or is the fear that their submission agent
> > will invoke REQUIRETLS on the next hop without the user's permission?

> No, the user is opting out of a TLS security policy he did not request,
> one published by the receiving domain via DANE or STS.  Clearly if you
> don't want secure delivery, don't ask for it.

> > fwiw, i think troubleshooting alone might be sufficient reason to
> > document the "RequireTLS: NO" message header, but i'm pretty unclear on
> > any sane UI/UX story for how a troubleshooter manages to introduce it --
> > it's pretty much expert feature territory (e.g. those of us who edit our
> > message headers by hand).

> When this becomes an RFC MUAs could add the feature.  Also MTAs running
> milters or similar content processing could implement a content
> transformation from:

>       Subject: [insecure-delivery]: actual subject

> to (easy with e.g. Postfix header_checks):

>       Require-TLS: NO
>       Subject: [insecure-delivery]: actual subject

> or (not easy with header_checks, but hides the subject tag):

>       Require-TLS: NO
>       Subject: actual subject

Also trivial to do with Sieve.

                                Ned

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
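
The subject-tag-to-header transformation discussed in the thread, covering both variants (tag kept, tag hidden), as an added Python example that is not code from the original messages. The function names and the sample message are constructed for illustration; the `[insecure-delivery]` tag and the `Require-TLS: NO` header are spelled as they appear in the thread.

```python
import re
from email import message_from_string, policy

# Tag and header name exactly as spelled in the thread; the tag must open the
# Subject, so a quoted "Re: [insecure-delivery]: ..." reply does not opt out.
TAG = re.compile(r"^\[insecure-delivery\]:\s*", re.IGNORECASE)
OPT_OUT_HEADER = "Require-TLS"

# Constructed sample message (reserved example domains). It already carries
# the header once, as if an earlier filter had processed it.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.net\n"
    "Require-TLS: NO\n"
    "Subject: [insecure-delivery]: actual subject\n"
    "\n"
    "body\n"
)

def parse(raw):
    """Parse RFC 5322 text into an EmailMessage."""
    return message_from_string(raw, policy=policy.default)

def mark_insecure_ok(msg, hide_tag=False):
    """Add 'Require-TLS: NO' to a tagged message; return True if it changed."""
    subject = msg.get("Subject", "")
    match = TAG.match(subject)
    if match is None:
        return False                  # untagged mail passes through untouched
    del msg[OPT_OUT_HEADER]           # drop earlier copies; no error if absent
    msg[OPT_OUT_HEADER] = "NO"        # exactly one opt-out header remains
    if hide_tag:
        # Second variant from the thread: strip the tag, keep the real subject.
        msg.replace_header("Subject", subject[match.end():])
    return True

if __name__ == "__main__":
    for hide in (False, True):
        m = parse(SAMPLE)
        mark_insecure_ok(m, hide_tag=hide)
        print(m.get_all(OPT_OUT_HEADER), "|", m["Subject"])
```
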
