
Re: [ietf-smtp] certificate pinning

2014-06-08 01:34:37
On 06/08/2014 05:35 AM, Peter Bowen wrote:
> What about bringing HSTS to SMTP as well?
>
> S: 250-STSEC MAX-AGE=31536000
>
> This would indicate that connections must use STARTTLS for future
> connections.  Ideally, this would allow a client to directly issue
> STARTTLS on connect, rather than EHLO (a protocol violation today),
> reducing the amount of unencrypted data on the connection and speeding
> up the connection sequence.
Would be nice to have. However, I could repeat my doubts about breaking connectivity with all those mailservers out there that use self-signed certificates (what HSTS does). I advocate the use of DANE. If support for DANE would be mandatory for a "HSTS for SMTP", then it would be a great solution.
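The client-side half of the proposal above, as an added illustration that is not code from either poster: an EHLO response containing the hypothetical STSEC keyword is parsed, the MAX-AGE value is turned into a cached expiry for that host, and later connections are refused rather than downgraded if the server stops offering STARTTLS while the policy is still in force. As with HSTS, the policy is only trusted when the EHLO response that carried it arrived after STARTTLS succeeded, since a plaintext EHLO can be rewritten on the wire. The STSEC keyword, the host name and the response lines are constructed for this example.

```python
import re
from dataclasses import dataclass

# "STSEC" is the keyword proposed in the quoted message; it is not a
# registered SMTP extension. MAX-AGE is in seconds, as in HSTS.
_STSEC_RE = re.compile(r"^250[ -]STSEC\b(?P<params>.*)$", re.IGNORECASE)
_MAX_AGE_RE = re.compile(r"MAX-AGE=(\d+)", re.IGNORECASE)


@dataclass
class StsPolicy:
    expires_at: int  # Unix time after which the "must use STARTTLS" pin lapses


class StsCache:
    """Per-host memory of STSEC policies, keyed by the server host name."""

    def __init__(self):
        self._policies = {}

    def record_ehlo(self, host, ehlo_lines, now, over_tls):
        """Remember an advertised policy. Returns True if a policy line was honoured.

        Policies seen on a plaintext EHLO are ignored: an active attacker who
        can strip STARTTLS can just as easily forge or drop this line.
        """
        if not over_tls:
            return False
        for line in ehlo_lines:
            m = _STSEC_RE.match(line.strip())
            if not m:
                continue
            age = _MAX_AGE_RE.search(m.group("params"))
            if not age:
                return False  # malformed line: ignore rather than guess
            max_age = int(age.group(1))
            if max_age == 0:
                self._policies.pop(host, None)  # MAX-AGE=0 withdraws the policy
            else:
                self._policies[host] = StsPolicy(expires_at=now + max_age)
            return True
        return False

    def requires_tls(self, host, now):
        """True while an unexpired policy says this host must be reached over TLS."""
        policy = self._policies.get(host)
        if policy is None:
            return False
        if now >= policy.expires_at:
            del self._policies[host]  # expired policy is forgotten
            return False
        return True


def offers_starttls(ehlo_lines):
    return any(l.strip().upper() in ("250-STARTTLS", "250 STARTTLS") for l in ehlo_lines)


def decide_transport(cache, host, plaintext_ehlo_lines, now):
    """Decide what to do after the initial plaintext EHLO.

    Returns 'starttls' when the server offers it, 'refuse' when a cached policy
    forbids plaintext and STARTTLS is missing, and 'plaintext' otherwise
    (the opportunistic behaviour of today's clients).
    """
    if offers_starttls(plaintext_ehlo_lines):
        return "starttls"
    if cache.requires_tls(host, now):
        return "refuse"
    return "plaintext"


def demo():
    """Walk through first contact, a stripped EHLO, and policy expiry (constructed data)."""
    host = "mail.example.test"
    now = 1_700_000_000
    cache = StsCache()

    # EHLO response seen after STARTTLS succeeded on the first connection.
    tls_ehlo = ["250-mail.example.test", "250-STSEC MAX-AGE=31536000", "250 OK"]
    cache.record_ehlo(host, tls_ehlo, now, over_tls=True)

    # A later connection where STARTTLS is absent (e.g. stripped in transit).
    stripped = ["250-mail.example.test", "250 OK"]
    while_pinned = decide_transport(cache, host, stripped, now + 3600)
    after_expiry = decide_transport(cache, host, stripped, now + 31536000)
    return [while_pinned, after_expiry]


if __name__ == "__main__":
    print(demo())
```

The second point in the reply, self-signed certificates, is untouched by this cache: it only decides whether STARTTLS is mandatory, not whether the certificate presented afterwards is acceptable, which is where a DANE (TLSA) lookup would slot in.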

