Re: [ietf-smtp] why are we reinventing mta-sts ?

In article <20191007002348(_dot_)GA23742(_at_)x2(_dot_)esmtp(_dot_)org> you 
write:

What's wrong with MTS-STS defined in RFC 8461?


It requires an HTTPS server, thus adding an extra service and moving
the "trust" problem to CAs (AFAICT).


I was there when we were defining MTA-STS and the people involved,
who work for companies that probably handle the majority of all of
the mail in the world, did not want it to depend on DNSSEC for
deployment reasons.

See sections 2 and 10 of RFC 8461.

If you like DNSSEC, you can publish a DANE TLSA record for your SMTP
server, and systems like Comcast that pay attention to DNSSEC will use
it to check that you support TLS and have the right cert.





_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [ietf-smtp] Dombox - A Zero Spam Mail System, Keith Moore

Next by Date:

Re: [ietf-smtp] Dombox - A Zero Spam Mail System, John C Klensin

Previous by Thread:

Re: [ietf-smtp] why are we reinventing mta-sts ?, Claus Assmann

Next by Thread:

Re: [ietf-smtp] why are we reinventing mta-sts ?, Daniel Margolis

Indexes:

[Date] [Thread] [Top] [All Lists]