On 1/7/19 2:46 AM, Vittorio Bertola wrote:
On that point, you are right when you say that big systems that host mail for thousands or millions of domains are unlikely to ever implement MTA-STS, as that requires to activate one HTTP service per each domain - but we already have DANE for that case.
Additional note on this. I and many others already have policy maps requiring "secure" (starttls + PKI validating certificate) connection to the "major" providers of third-party mail services.
If someone did create a "BEST PRACTICES" RFC intending to increase required TLS on sending where appropriate, that practice should probably be included. That protects most instances involving third party mail providers.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
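
For reference, a sketch of the kind of per-destination policy map the message describes. This is an added example, not part of the original message, and it assumes Postfix (whose TLS policy table uses the "secure" level named above); the domain names, file paths and CA bundle location are placeholders.

```conf
# /etc/postfix/main.cf (excerpt; paths are assumptions)
# Default for every other destination: opportunistic TLS, no certificate checks.
smtp_tls_security_level = may
# Trust anchors used for PKI validation at the "verify" and "secure" levels.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Per-destination overrides of the default level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/tls_policy (all names below are placeholders)
# A domain hosted at a third-party provider. At the "secure" level the MX
# lookup result is not trusted, so the certificate is matched against the
# provider's known MX host names instead of whatever name DNS returned.
customer.example    secure match=.mx.provider.example
# The provider's own domain: the certificate must match the domain itself
# or one of its subdomains.
provider.example    secure match=nexthop:dot-nexthop
```

After editing the table, rebuild it with `postmap /etc/postfix/tls_policy` and reload Postfix. Mail to the listed destinations is then deferred rather than sent when STARTTLS is unavailable or the certificate fails validation.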
