On 06/08/2014 05:35 AM, Peter Bowen wrote:
What about bringing HSTS to SMTP as well?
S: 250-STSEC MAX-AGE=31536000
This would indicate that connections must use STARTTLS for future
connections. Ideally, this would allow a client to directly issue
STARTTLS on connect, rather than EHLO (a protocol violation today),
reducing the amount of unencrypted data on the connection and speeding
up the connection sequence.
Would be nice to have. However, I could repeat my doubts about breaking
connectivity with all those mailservers out there that use self-signed
certificates (what HSTS does). I advocate the use of DANE. If support for
DANE would be mandatory for a "HSTS for SMTP", then it would be a great
solution.
Evert
_______________________________________________
ietf-smtp mailing list
ietf-smtp@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-smtp
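A sketch of the client-side policy cache the quoted proposal implies, added here as an example and not code from either poster. Only the `STSEC` keyword and `MAX-AGE` parameter come from Peter's message; the HSTS-style rule that the policy is honoured only when learned over an already-protected channel, the host name, and all function and class names are assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical capability line from the quoted proposal, e.g. "250-STSEC MAX-AGE=31536000".
STSEC_LINE_RE = re.compile(r"^250[ -]STSEC\s+MAX-AGE=(\d+)\s*$", re.IGNORECASE)

# Constructed EHLO reply used for demonstration (host name is invented).
EHLO_WITH_STSEC = (
    "250-mail.example.test\r\n"
    "250-STARTTLS\r\n"
    "250-STSEC MAX-AGE=31536000\r\n"
    "250 OK"
)


@dataclass
class StsecPolicy:
    expires_at: float  # Unix time after which the cached requirement lapses


def parse_stsec_max_age(ehlo_response):
    """Return MAX-AGE from a multi-line 250 reply, or None if no well-formed STSEC line exists."""
    for line in ehlo_response.splitlines():
        m = STSEC_LINE_RE.match(line.strip())
        if m:
            return int(m.group(1))
    return None


class StsecCache:
    """Per-host cache deciding whether a future connection must go straight to STARTTLS."""

    def __init__(self):
        self._policies = {}

    def record(self, host, ehlo_response, over_tls, now):
        # As with HSTS, a directive seen on a cleartext channel is ignored: an on-path
        # attacker could otherwise plant or strip it. MAX-AGE=0 clears an existing entry.
        max_age = parse_stsec_max_age(ehlo_response)
        if max_age is None or not over_tls:
            return False
        if max_age == 0:
            self._policies.pop(host, None)
        else:
            self._policies[host] = StsecPolicy(expires_at=now + max_age)
        return True

    def requires_starttls(self, host, now):
        pol = self._policies.get(host)
        if pol is None:
            return False
        if now >= pol.expires_at:  # expired entries are dropped, falling back to opportunistic TLS
            del self._policies[host]
            return False
        return True
```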