On 10/9/2019 4:22 AM, Rich Kulawiec wrote:
On Tue, Oct 08, 2019 at 09:58:22AM -0400, Valdis Klētnieks wrote:
The point is that there's 3 basic cases:
[ good analysis elided ]
It's the resources outside these that can be a major problem. In some
environments, "offering another service to the public Internet" requires
formal proposals, discussions, meetings, i's dotted and t's crossed,
auditors placated, security people mollified, and so on. And while
in this particular case it can be argued "we're making email more secure
by doing this" it still won't be an easy sell to some.
(more generally) Making email more secure/private is goodness. Doing it
via multiple kludges based on TXT records and hostnames and HTTP and
so on is not. I'm (painfully) well aware of the obstacles in the way
of doing it cleanly, but doing it this way incurs debt that sooner or
later we'll have to pay.
My concern is the increasing overhead and operational cost as well.
Add HTTPS requirements with newer heightened PCI/SSL requirements like
HSTS, and it can get really complicated with HTTPS client/server
ietf-smtp mailing list