> On 06 May 2016, at 02:40, Viktor Dukhovni <[email protected]> wrote: > > The most timely reporting mechanism may be neither HTTPS nor a > separate email report, but an ESMTP extension that can signal > authentication errors as they occur. (Since STS supports a > non-enforcement 'trial' mode, and reporting was in large measure > intended to support that, the client would be continuing to use > the server in any case).
I like this idea. But again; I think the extension shouldn't send feedback if there isn't already a secure channel in place (e.g. MITM already occurring). Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
