> On Nov 17, 2017, at 3:50 AM, Jim Fenton <[email protected]> wrote:
>
> We weren't talking about mandating anything, just saying something in
> the spec to cause people to think about it. It might be the case that
> some report recipients don't want to use SMTP for their reports at all.
Sure some recipients may prefer HTTPS, but keep in mind that the
sender does not get much choice, the "rua" is chosen by the
receiving system. So the sender may have to send at least some
reports via email. Furthermore, email has the advantage that
sending systems already support queueing and retries, while with
HTTPS, one would have to build some new system to increase the
odds of "eventual" delivery of the report. Many domains (for
better or worse) will have the same wildcard certificate for
HTTPS and SMTP, and will have a non-working report HTTPS URI
at the same time that their MTAs starts having problems.
So email (with REQUIRETLS=NO) has advantages over HTTPS for
report delivery.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
