That‘s great news. Happy to see that Postfix isn’t just maintained but rather steadily developing.
Have a nice evening!
Ömer
> Am 05.02.2025 um 21:00 schrieb Wietse Venema via Postfix-users
> <postfix-users@postfix.org>:
>
>
>>
>> What do you think about the other one?
>> Not for the next release (I'm really looking forward to a stable
>> v3.10, so it's great news that you have frozen the code )
>>
>> but as an idea for the future releases?
>
> I just opened a discussion with Viktor about working towards a
> future where SMTP over authenticated TLS is the norm.
>
> - Enforce DANE if available (allowing for hybrid case)
>
> - Else enforce STS if available
>
> - Else enforce { secure, match=nexthop,dot-nexthop }
>
> Custom policies will be needed for sites that are an exception from
> the norm (including the case of no TLS).
>
> We already have the technical nuts and bolts for all of the above,
> we just need to provide a 'happy path'(*) for easy adoption.
>
> Like Postfix, Viktor's $WORK is in a code freeze, so we'll continue
> the discussion later.
>
> (While implementing RFC 8689 REQUIRETLS which requires *authenticted*
> TLS and REQUIRETLS support with every hop in the forward delivery
> path, I realized that the world is not ready for it; REQUIRETLS may
> end up in Postfix 3.11 if I can blunt the sharp edges.)
>
> Wietse
>
> (*) low friction; easy to do the right thing; etc.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
