On 06/08/2014 05:35 AM, Peter Bowen wrote:
> What about bringing HSTS to SMTP as well?
>
> S: 250-STSEC MAX-AGE=31536000
>
> This would indicate that connections must use STARTTLS for future
> connections. Ideally, this would allow a client to directly issue
> STARTTLS on connect, rather than EHLO (a protocol violation today),
> reducing the amount of unencrypted data on the connection and speeding
> up the connection sequence.

Would be nice to have. However, I could repeat my doubts about breaking
connectivity with all those mailservers out there that use self-signed
certificates (what HSTS does). I advocate the use of DANE. If support for
DANE would be mandatory for a "HSTS for SMTP", then it would be a great

ietf-smtp mailing list
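
The EHLO keyword proposed in this thread, seen from the sending client's side, as an added example that is not code from either poster: it parses an EHLO reply, remembers the advertised lifetime, and refuses plaintext delivery when a remembered host stops offering STARTTLS. `STSEC` exists only as the proposal quoted above; the `PolicyCache` class, the HSTS-style rules (trust the keyword only inside TLS, `MAX-AGE=0` clears the entry) and the sample replies in the comments are assumptions constructed here.

```python
import time

STSEC = "STSEC"  # keyword proposed in the thread, not a registered SMTP extension

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multiline 250 EHLO reply."""
    exts = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            continue
        word, *params = rest.split()
        exts[word.upper()] = params
    return exts

def stsec_max_age(exts):
    """Seconds from 'STSEC MAX-AGE=n', or None if absent or malformed."""
    for param in exts.get(STSEC, []):
        key, _, val = param.partition("=")
        if key.upper() == "MAX-AGE" and val.isascii() and val.isdigit():
            return int(val)
    return None

class PolicyCache:
    """Hypothetical per-host store of 'must use STARTTLS until <time>'."""
    def __init__(self):
        self._expiry = {}  # host -> epoch seconds

    def observe(self, host, exts, tls_active, now=None):
        # Assumption borrowed from HSTS: a policy seen in plaintext is ignored,
        # since an on-path attacker could have injected or altered it.
        now = time.time() if now is None else now
        age = stsec_max_age(exts)
        if not tls_active or age is None:
            return
        if age == 0:
            self._expiry.pop(host, None)   # assumption: 0 clears, as in HSTS
        else:
            self._expiry[host] = now + age

    def check(self, host, exts, now=None):
        """Decide how to proceed after a plaintext EHLO reply from host."""
        now = time.time() if now is None else now
        if "STARTTLS" in exts:
            return "starttls"
        pinned = self._expiry.get(host, 0) > now
        return "abort" if pinned else "plaintext"   # abort: STARTTLS was stripped

# Constructed replies: "250-mx.example.net\r\n250-STSEC MAX-AGE=31536000\r\n250 8BITMIME"
# (after STARTTLS) and "250-mx.example.net\r\n250 PIPELINING" (STARTTLS missing).
```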