Re: [ietf-smtp] why are we reinventing mta-sts ?

On 10/7/19 5:11 AM, Daniel Margolis wrote:

I've only quickly skimmed the original thread, but it seems like theargument is about this magic DNS prefix for MX records that wouldindicate "this MX should offer STARTTLS", right?
As John says, the new proposal also requires DNSSEC, no? It seems likethe primary difference is that the new proposal is simpler byindicating only that the server supports TLS, but not what identity itpresents? Why is that desirable?

I didn't see this explicitly specified in the proposal, but IMO theserver certificate should match the target of the MX record.

And depending on DNSSEC probably does impair the ability of this to bedeployed. But if DoT can be used instead of DNSSEC, it seems to methat this might be easier to deploy than MTA-STS.

Granted, MTA-STS exists already and enjoys some support. A newproposal thus has a high bar to clear in order to be accepted as astandard. But I don't think it's wrong to discuss other ideas.


Keith


_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [ietf-smtp] why are we reinventing mta-sts ?, Daniel Margolis

Next by Date:

Re: [ietf-smtp] why are we reinventing mta-sts ?, Viruthagiri Thirumavalavan

Previous by Thread:

Re: [ietf-smtp] why are we reinventing mta-sts ?, Daniel Margolis

Next by Thread:

Re: [ietf-smtp] why are we reinventing mta-sts ?, Viruthagiri Thirumavalavan

Indexes:

[Date] [Thread] [Top] [All Lists]