David Schweikert:
> Hi Wietse,
>
> On Tue, Mar 22, 2016 at 10:28:48 -0400, Wietse Venema wrote:
> > In order to protect the stability of the Postfix SMTP client, I
> > propose a new feature that builds on smtp_tls_policy_maps that
> > allows experimentation with STS and other features.
>
> Great! I am looking forward to it.
>
> > Q1: What point in time is the call made?
>
> Maybe after the TLS-protected HELO?

This would return the same info as smtp_tls_policy_maps, i.e. whether TLS will be mandatory, how to match the certificate (name-based or fingerprint-based), based on the SMTP client state (the next-hop destination, the host that it will connect to, etc.). An STS plugin could reply with a TLS security level "encrypt" and with a TLS fingerprint based on past experience.

	Wietse
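
Added example, not part of the original message and not Postfix code: the thread does not define the plugin interface, so this example assumes Postfix's existing socketmap lookup protocol as a stand-in and answers in smtp_tls_policy_maps syntax, where a pinned certificate is written as level `fingerprint` with `match=`. The map name `sts`, the `SEEN` table and the fingerprint value are constructed.

```python
# Assumption: policy source reached via a socketmap-style lookup; data is constructed.
MAP_NAME = "sts"  # hypothetical map name

# Constructed "past experience": next-hop -> what earlier deliveries observed.
SEEN = {
    "example.com": {"tls_required": True, "pin": None},
    "[mx.example.net]:25": {"tls_required": True, "pin": "AA:BB:CC:DD"},  # placeholder pin
}

def encode_netstring(data: bytes) -> bytes:
    return str(len(data)).encode() + b":" + data + b","

def decode_netstring(raw: bytes) -> bytes:
    length, sep, rest = raw.partition(b":")
    if not sep or not length.isdigit():
        raise ValueError("malformed netstring length")
    n = int(length)
    if len(rest) != n + 1 or rest[n:] != b",":
        raise ValueError("netstring length mismatch")
    return rest[:n]

def policy_for(nexthop: str):
    """Return a smtp_tls_policy_maps-style value, or None when nothing is known."""
    seen = SEEN.get(nexthop.lower())
    if seen is None:
        return None
    if seen["pin"]:
        return "fingerprint match=" + seen["pin"]  # fingerprint-based matching
    if seen["tls_required"]:
        return "encrypt"                           # TLS mandatory, no pin yet
    return None

def handle_request(raw: bytes) -> bytes:
    """Answer one socketmap request: netstring 'mapname key' -> netstring reply."""
    try:
        name, _, key = decode_netstring(raw).decode("ascii").partition(" ")
    except ValueError as exc:  # also covers UnicodeDecodeError
        return encode_netstring(b"PERM " + str(exc).encode())
    if name != MAP_NAME or not key:
        return encode_netstring(b"PERM unknown map or empty key")
    policy = policy_for(key)
    if policy is None:
        # No entry: the client falls back to its configured default level.
        return encode_netstring(b"NOTFOUND ")
    return encode_netstring(b"OK " + policy.encode())
```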