Re: SMTP REQUIRETLS (RFC 8689)

2019-12-13 Thread Viktor Dukhovni
On Fri, Dec 13, 2019 at 12:18:42AM +, Max Mazurov wrote:
> There is a new SMTP extension called REQUIRETLS (RFC 8689[2]) that can help
> this by providing clients with a way to require TLS use with authenticated MX
> records for security-sensitive messages.

I was involved in the IETF UTA WG

Re: SMTP REQUIRETLS (RFC 8689)

2019-12-13 Thread Wietse Venema
> Max Mazurov:
> I would like to start a discussion on how this extension can be useful for
> postfix users and whether there is a possibility of getting its support.

This proposal appears to have multiple moving parts that involve
- signaling intent in a header (TLS-Required),
- a remote SMTP c

SMTP REQUIRETLS (RFC 8689)

2019-12-12 Thread Max Mazurov
Hello, list. It is common knowledge that TLS for server-server SMTP is merely opportunistic and there is no strong guarantee it will be used. Even worse, in many cases MTAs lack any protection against active attacks (e.g. via MitM involving downgrade to plaintext or DNS poisoning to spoof MX reco