On Tue, Oct 08, 2019 at 09:58:22AM -0400, Valdis Kl??tnieks wrote:
The point is that there's 3 basic cases:
[ good analysis elided ]
It's the resources outside these that can be a major problem. In some
environments, "offering another service to the public Internet" requires
formal proposals, discussions, meetings, i's dotted and t's crossed,
auditors placated, security people mollified, and so on. And while
in this particular case it can be argued "we're making email more secure
by doing this" it still won't be an easy sell to some.
(more generally) Making email more secure/private is goodness. Doing it
via multiple kludges based on TXT records and hostnames and HTTP and
so on is not. I'm (painfully) well aware of the obstacles in the way
of doing it cleanly, but doing it this way incurs debt that sooner or
later we'll have to pay.
ietf-smtp mailing list