On 2021-04-01 03:30, John Levine wrote:
Quite right.
"Doctor, doctor, it hurts when I do this."
"So don't do that."
Thank you for your position on the subject. :)
I'm _not_ advocating for MXs to point to CNAMEs because that's
prohibited. You're right they mustn't be used. My question was
different. To rephrase it: should MTA-STS validation fail solely
based on that, and would such behavior of a Sending MTA honoring
MTA-STS be in accordance with RFC 8461?
By the way, from the last TLSRPT:
{
  "organization-name": "Microsoft Corporation",
  "date-range": {
    "start-datetime": "2021-03-30T00:00:00Z",
    "end-datetime": "2021-03-30T23:59:59Z"
  },
  "contact-info": "tlsrpt-noreply(_at_)microsoft(_dot_)com",
  "report-id": "132616914860181612+n0.lt",
  "policies": [
    {
      "policy": {
        "policy-type": "sts",
        "policy-string": [
          "version: STSv1",
          "mode: enforce",
          "mx: mx.n0.lt",
          "max_age: 84600"
        ],
        "policy-domain": "n0.lt"
      },
      "summary": {
        "total-successful-session-count": 0,
        "total-failure-session-count": 492
      },
      "failure-details": [
        {
          "result-type": "certificate-host-mismatch",
          "failed-session-count": 492
        }
      ]
    }
  ]
}
Do they complain about the certificate which includes both n0.lt and
*.n0.lt anyways?
My questions here are meant for discussion and for interpretation
of the RFC(s) [especially RFC 8461] only. :)
--
Regards,
Kristijonas
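
Added example, not part of the original message: a Python check of the policy entry from the quoted TLSRPT report against the certificate names the message mentions, using one-label wildcard matching for both the `mx:` pattern and the SANs. The SAN list is taken from the message's description rather than from a fetched certificate, the function names are illustrative, and the result does not establish why the reporter logged certificate-host-mismatch.

```python
import json

# Policy entry from the TLSRPT report quoted in the message (reporter metadata omitted).
POLICY_ENTRY = json.loads("""
{"policy": {"policy-type": "sts", "policy-domain": "n0.lt",
            "policy-string": ["version: STSv1", "mode: enforce",
                              "mx: mx.n0.lt", "max_age: 84600"]},
 "summary": {"total-successful-session-count": 0,
             "total-failure-session-count": 492},
 "failure-details": [{"result-type": "certificate-host-mismatch",
                      "failed-session-count": 492}]}
""")

# SAN dNSNames as the message describes the certificate (assumed, not fetched).
CERT_SANS = ["n0.lt", "*.n0.lt"]

def parse_policy(policy_string):
    """Turn the report's 'key: value' policy lines into a dict; mx may repeat."""
    policy = {"mx": []}
    for line in policy_string:
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    return policy

def name_matches(pattern, host):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host

def check_mx(entry, mx_host, sans):
    """Check one candidate MX name against the policy's mx patterns and the SANs."""
    policy = parse_policy(entry["policy"]["policy-string"])
    return {"mode": policy.get("mode"),
            "mx_allowed_by_policy": any(name_matches(p, mx_host) for p in policy["mx"]),
            "cert_covers_mx": any(name_matches(s, mx_host) for s in sans)}

def failure_summary(entry):
    """Return (total sessions, {result-type: failed-session-count})."""
    s = entry["summary"]
    total = s["total-successful-session-count"] + s["total-failure-session-count"]
    return total, {d["result-type"]: d["failed-session-count"]
                   for d in entry["failure-details"]}
```

With the name from the policy, `check_mx(POLICY_ENTRY, "mx.n0.lt", CERT_SANS)` passes both checks; with any other reference name, such as a hypothetical CNAME target outside n0.lt, both fail.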