[Top] [All Lists]

Re: [ietf-smtp] Fwd: New Version Notification for draft-fenton-smtp-require-tls-00.txt

2016-01-11 10:34:29
Only sort of.  In this case, the downgrade path is obvious, you
ignore the TLS flag and send the message along.

That's the opposite of the goal here. SMTP makes tries to delivery
messages, even if that results in a downgrade in security. The goal here
is to fail the transmission of REQUIRETLS tagged messages that can't be
sent in accordance with the originator's security requirements.

Of course, but there's no reason for recipient MTAs to pay any
attention to the tag if they don't want to.  There is no penalty to
them for doing so.  With EAI there's at least the penalty of messages
getting smashed.

But you make a good point about the fake MX problem: if you're concerned
about DNS attacks, you need to make sure that the recipient domain, and
not just the domain of the MX server, is DNSSEC protected. That's an
oversight in the specification I will correct.

RFC 7672 which has already addressed that issue in great detail.


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>