> On Feb 21, 2019, at 3:52 PM, Eric Rescorla <e...@rtfm.com> wrote:
>
> I am not aware of any such right. The receiving system is announcing
> a capability, and the sending system does its best to achieve the
> highest common security level.
>
> No, it's saying "don't deliver this at all, if you can't do this"

That may be true of HSTS, but is certainly not true of DANE or MTA-STS.
Both specify how to deliver (more) securely *if* you choose to enable
the mechanism for the destination in question or by default.

Neither mechanism is mandated. Local policy always comes first. One
might for example want to reach the postmaster of a broken site, or
send a mundane time-sensitive message.

The title of RFC7672 is:

    SMTP Security via Opportunistic DNS-Based Authentication of
    Named Entities (DANE) Transport Layer Security (TLS)

the word "opportunistic" is not an accident, the mechanism is not and
should not be a mandate from the receiving system.

-- 
    Viktor.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta