On Tue, May 10, 2016 at 06:01:43PM +0000, Viktor Dukhovni wrote:
> * Sent over unauthenticated TLS (can be pipelined with QUIT
> when peer supports PIPELINING):
>
> TLSSTATUS DANE NOTRUST <tlsa-base-domain> (source of policy)
> TLSSTATUS STS NOTRUST <nexthop-domain> (source of policy)
> TLSSTATUS (STS|DANE) EXPIRED <mxhostname> (SNI/MX hostname)
> TLSSTATUS (STS|DANE) NOMATCH <mxhostname> (SNI/MX hostname)

Oh, and of course I forgot:

    TLSSTATUS DANE SUCCESS <tlsa-base-domain>
    TLSSTATUS STS SUCCESS <nexthop-domain>

which can be pipelined before "MAIL FROM". It is also useful to
signal success. Finally, in addition to "STS" and "DANE" another
mechanism is just plain-old sender-configured TLS policy (ideally
via bilateral agreement, ...). We can call that "POLICY" or some
such.

--
Viktor.
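
A strict receiver-side parser for the TLSSTATUS lines proposed in this message, as an added example that is not part of the original post or of any MTA's code. The case-insensitive verb matching, the LDH hostname check and the example.* sample domains are assumptions; POLICY is left out because the message gives it no argument syntax.

```python
import re

# Argument meaning per (mechanism, status), as listed in the message above.
ARG_KIND = {
    ("DANE", "NOTRUST"): "tlsa-base-domain",
    ("STS", "NOTRUST"): "nexthop-domain",
    ("DANE", "SUCCESS"): "tlsa-base-domain",
    ("STS", "SUCCESS"): "nexthop-domain",
}
for _mech in ("DANE", "STS"):
    for _status in ("EXPIRED", "NOMATCH"):
        ARG_KIND[(_mech, _status)] = "mxhostname"

# Assumption: the argument is an ASCII LDH hostname of at most 253 octets.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")


def parse_tlsstatus(line: str) -> dict:
    """Parse one 'TLSSTATUS <mechanism> <status> <domain>' line.

    Failure reports arrive over unauthenticated TLS, so anything outside
    the grammar raises ValueError instead of reaching the logs.
    """
    body = line.rstrip("\r\n")
    # Reject control and non-ASCII bytes (including an embedded CRLF).
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in body):
        raise ValueError("non-printable or non-ASCII byte in command")
    parts = body.split(" ")
    if len(parts) != 4 or parts[0].upper() != "TLSSTATUS":
        raise ValueError("expected: TLSSTATUS <mechanism> <status> <domain>")
    mech, status, domain = parts[1].upper(), parts[2].upper(), parts[3]
    kind = ARG_KIND.get((mech, status))
    if kind is None:
        raise ValueError(f"unknown mechanism/status pair: {mech} {status}")
    if len(domain) > 253 or not _DOMAIN.fullmatch(domain):
        raise ValueError("argument is not a valid hostname")
    return {"mechanism": mech, "status": status, "arg_kind": kind,
            "domain": domain.lower().rstrip("."),
            "failure": status != "SUCCESS"}


if __name__ == "__main__":
    # Constructed sample lines, not captured traffic.
    for sample in ("TLSSTATUS DANE NOMATCH mx1.example.net\r\n",
                   "TLSSTATUS STS SUCCESS example.com\r\n"):
        print(parse_tlsstatus(sample))
```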