1. I agree that REQUIRETLS=NO needs a header so it can be
tunnelled via an "agnostic" MTA.
2. However, even REQUIRETLS=YES needs a header, because:
a. Within an MTA a message may make multiple internal
hops, for example processing via a loopback SMTP
proxy that does virus scanning, or forwarding via
a spam-scanning appliance that is statically configured
to always do TLS both upstream and downstream, but does
not support REQUIRETLS=YES explicitly.
b. Messages may get filtered via procmail and the like
and then forwarded, and again the delivery channel
has no means to preserve REQUIRETLS=YES except via a
header.
3. Therefore, REQUIRETLS will need a header for both YES and
NO, but the YES case will also want to see a "REQUIRETLS"
in the EHLO response of a remote MTA, so it can commit to
honouring the extension.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
