> On Feb 21, 2019, at 3:52 PM, Eric Rescorla <e...@rtfm.com> wrote:
> 
> I am not aware of any such right.  The receiving system is announcing
> a capability, and the sending system does its best to achieve the
> highest common security level.
> 
> No, it's saying "don't deliver this at all, if you can't do this"

That may be true of HSTS, but is certainly not true of DANE or MTA-STS.
Both specify how to deliver (more) securely *if* you choose to enable
the mechanism for the destination in question or by default.  Neither
mechanism is mandated.  Local policy always comes first.  One might
for example want to reach the postmaster of a broken site, or send
a mundane time-sensitive message.

The title of RFC7672 is:

   SMTP Security via Opportunistic DNS-Based Authentication of Named
         Entities (DANE) Transport Layer Security (TLS)

The word "opportunistic" is not an accident; the mechanism is not
and should not be a mandate from the receiving system.

-- 
        Viktor.
