Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Brandon Long via mailop
On Mon, Apr 16, 2018, 1:31 PM Rolf E. Sonneveld wrote: > On 16-04-18 21:39, Brandon Long via mailop wrote: > > [...] > > I think this is an interesting stance, and I'm sure you've heard the > > objections to > > this before. You don't have to trust every CA, you certainly don't need > to > > tru

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Rolf E. Sonneveld
On 16-04-18 21:39, Brandon Long via mailop wrote: [...] I think this is an interesting stance, and I'm sure you've heard the objections to this before. You don't have to trust every CA, you certainly don't need to trust every CA for every host, and there are other tools to be used here such as

Re: [mailop] Gmail & TLS SNI {dkim-fail}

2018-04-16 Thread Phil Pennock
On 2018-04-16 at 11:45 -0700, Ned Freed wrote: > AFAIK this does not happen in MTA-STS, that is, at no time is the MX hostname > obtained from the DNS checked against the "mx" list from the MTA-STS policy. > Rather, the DNS-ID of the certificate returned by the server is checked > against > the "m

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Brandon Long via mailop
On Mon, Apr 16, 2018 at 10:05 AM Phil Pennock wrote: > On 2018-04-16 at 05:28 +, Brandon Long via mailop wrote: > > I always thought of SNI as the equivalent of the Host HTTP header, so it > > should be the hostname you're connecting to. > > > > That's my reading of rfc 6066 at least, and wh

Re: [mailop] Gmail & TLS SNI {dkim-fail}

2018-04-16 Thread Ned Freed
> In MX delivery without DNSSEC, if Eve injects an MX record: > gmail.com. IN MX 1 my-spy-agency.example.org. > then using the hostname from DNS means that the client will happily go > talk to my-spy-agency.example.org, using that as the SNI, and validating > against that same domain, then pres

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Phil Pennock
On 2018-04-16 at 05:28 +, Brandon Long via mailop wrote: > I always thought of SNI as the equivalent of the Host HTTP header, so it > should be the hostname you're connecting to. > > That's my reading of rfc 6066 at least, and what Gmail expects. In the HTTP Host header case, the hostname us

Re: [mailop] DMARC p=quarantine pct=0

2018-04-16 Thread Jesse Thompson
On 4/9/2018 8:50 PM, Philip Paeps wrote: On 2018-04-09 11:09:37 (-0500), Jesse Thompson wrote: The amount of DMARC data for a large decentralized university is daunting, so my approach is to compartmentalize issues that can be addressed. Thank you for collecting and analysing this data! Ev

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Vittorio Bertola
> On 16 April 2018 at 7:28 Brandon Long via mailop wrote: > > I always thought of SNI as the equivalent of the Host HTTP header, so it > should be the hostname you're connecting to. > > That's my reading of rfc 6066 at least, and what Gmail expects. > > I admit that th

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Renaud Allard via mailop
On 16/04/18 03:44, Phil Pennock wrote: While double-checking logs after an MTA update, I saw something from Gmail which is ... bemusing. I'm wondering if there's any consensus on how this should be handled in a manner which scales, given that Gmail don't publish DANE records? 2018-04-16 01:14

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Jeremy Harris
On 16/04/18 06:28, Brandon Long via mailop wrote: > I always thought of SNI as the equivalent of the Host HTTP header, so it > should be the hostname you're connecting to. > > That's my reading of rfc 6066 at least, and what Gmail expects. 3. Server Name Indication [...] clients MAY include an