On 11/01/2018 02:40 PM, Bill Cole wrote:
> On 1 Nov 2018, at 15:48, Alice Wonder wrote:
>
>> Maybe better, I do not know. I do not know the right place to recommend
>> this, I hope it is not too out of place here.
>
> This list reaches a minority of Postfix admins, who are a minority of
> mail system admins, who are a minority of people with strong interests
> in the technical security aspects of email.
>
> The IETF "uta" working group may be an even smaller minority of the
> people with strong interests in the technical security aspects of email,
> but at least there you would reach a more diverse subset and your idea
> would be squarely on topic.
>
> https://datatracker.ietf.org/wg/uta/about/
>
> I agree with every one of Viktor's critiques, which have been valid
> critiques of many incomplete and unworkable concepts of how to "fix
> email" over the past 20+ years. Here on a list made up mostly of people
> running production mail systems and maintaining tools for such systems,
> you will find both disinterest in an idea that does not exist as
> deployable code (or even as an implementable protocol) and active
> skepticism of doing today what Microsoft tried and failed to do 20+
> years ago with port 465. The uta-wg community may be less jaded and more
> interested in helping move an embryonic concept towards something useful.

Thank you, I'll look at that list.

To me, DNSSEC + TLSA "fixes" e-mail.

But there's a lot of resistance to DNSSEC; for some reason some key
people really don't like it and have put out a lot of propaganda against
it, and aren't going to use it.

MTA-STS is a solution they came up with that, when I look at it, doesn't
actually solve anything while at the same time sending the message that
DNSSEC isn't really needed. It's a bad broken solution (just like HPKP
was a bad broken solution).

I'm just looking for something for those who refuse to embrace DNSSEC
that at the same time doesn't discourage the use of DNSSEC.

I'll bring it to that list.