> On May 10, 2018, at 10:41 AM, Warren Kumari <[email protected]> wrote:
> 
> [ Edit: Could the format of the _mta-sts to be something like:
> "_mta-sts.example.com.  TXT "v=STSv2; id=20180114T070707; label=foo"  ?
> 
> This would mean that the policy can be fetched from foo.example.com - the
> record *could* specify "label=mta-sts" if it wanted - this allows this to work
> without "reserving" a DNS label.  ]

Absent DNSSEC (which is the sad reason that MTA-STS exists at all) the TXT
record is untrusted data, and so should likely not be able to redirect the
policy source to an arbitrary host in the domain.  I think that rather weakens
the security model...

-- 
        Viktor.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
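As an added illustration of Viktor's point (example code written for this page, not from the thread or any MTA-STS implementation): an RFC 8461 client takes only the version and policy id from the `_mta-sts` TXT record and always fetches the policy from the fixed `mta-sts.<domain>` host over HTTPS, so an unauthenticated record gets no say in where the policy comes from. The hypothetical `label=` key from the proposal is an unknown extension and is dropped; the sample record and policy body in the comments are constructed.

```python
import re

ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")  # policy id per RFC 8461 section 3.1

def parse_sts_txt(txt: str) -> dict:
    """Parse a _mta-sts.<domain> TXT record (RFC 8461 section 3.1).
    Only 'v' and 'id' are meaningful; any other key is an extension and
    is ignored, so the unauthenticated record carries nothing that can
    change where the policy is fetched from."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1":
        raise ValueError("unsupported or missing MTA-STS version")
    if not ID_RE.fullmatch(fields.get("id", "")):
        raise ValueError("missing or invalid policy id")
    return {"v": fields["v"], "id": fields["id"]}

def policy_url(domain: str) -> str:
    """Policy location is fixed by the spec: the 'mta-sts' label under the
    policy domain, over HTTPS; nothing from the TXT record is used."""
    return f"https://mta-sts.{domain}/.well-known/mta-sts.txt"

def parse_policy(body: str) -> dict:
    """Parse a fetched policy file (version/mode/mx/max_age lines).
    Constructed sample: 'version: STSv1\\nmode: enforce\\nmx: mail.example.com\\nmax_age: 604800'"""
    policy = {"mx": []}
    for line in body.splitlines():
        key, sep, value = line.strip().partition(":")
        if not key:
            continue  # blank line
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        if key.strip() == "mx":
            policy["mx"].append(value.strip())
        else:
            policy[key.strip()] = value.strip()
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid or missing mode")
    policy["max_age"] = int(policy.get("max_age", ""))  # missing -> ValueError
    return policy
```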