Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Aaron Zauner
> On 25 Mar 2016, at 03:12, Jim Fenton wrote: > > Not to distract from the STS discussion, but I thought I'd point out > another approach to SMTP TLS 'encouragement' that I submitted a few > weeks ago: draft-fenton-smtp-require-tls-01. There has been some > discussion of this draft, primarily on

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Jeremy Harris
On 25/03/16 12:09, Aaron Zauner wrote: >> On 25 Mar 2016, at 03:12, Jim Fenton wrote: >> REQUIRETLS is an SMTP service extension that allows an SMTP client to >> specify (via a MAIL FROM option) that a given message must be sent over >> a TLS protected session with specified security characteristi

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Jeremy Harris
On 25/03/16 02:12, Jim Fenton wrote: > draft-fenton-smtp-require-tls-01 > The idea here is that REQUIRETLS allows the SMTP client to override the > default "deliver even if you can't do it securely" behavior of SMTP. The > philosophy is that the sender of the message (SMTP client) is in the > bes

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread John Levine
>- The draft does not mention alias-style forwarding done by an MTA; > perhaps it could? A 1-1 alias would seem to be easily covered, > but 1-to-many (mail-exploder) aliases may need more thought. The whole draft presumes that intermediate hops will follow instructions from the sender, without

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Orit Levin (CELA)
Thank you, Jim. Definitely should be a part of the conversation. You are on the Agenda! Orit. > -Original Message- > From: Uta [mailto:uta-boun...@ietf.org] On Behalf Of Jim Fenton > Sent: Thursday, March 24, 2016 7:13 PM > To: uta@ietf.org > Subject: [Uta] REQUIRETLS: another SMTP TLS mec

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Viktor Dukhovni
On Thu, Mar 24, 2016 at 07:12:43PM -0700, Jim Fenton wrote: > Not to distract from the STS discussion, but I thought I'd point out > another approach to SMTP TLS 'encouragement' that I submitted a few > weeks ago: draft-fenton-smtp-require-tls-01. There has been some > discussion of this draft, pr

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Jim Fenton
On 03/25/2016 06:45 AM, Jeremy Harris wrote: > On 25/03/16 12:09, Aaron Zauner wrote: >>> On 25 Mar 2016, at 03:12, Jim Fenton wrote: >>> REQUIRETLS is an SMTP service extension that allows an SMTP client to >>> specify (via a MAIL FROM option) that a given message must be sent over >>> a TLS prot

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Jim Fenton
On 03/25/2016 07:24 AM, Jeremy Harris wrote: > On 25/03/16 02:12, Jim Fenton wrote: >> draft-fenton-smtp-require-tls-01 >> The idea here is that REQUIRETLS allows the SMTP client to override the >> default "deliver even if you can't do it securely" behavior of SMTP. The >> philosophy is that the s

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Jim Fenton
On 03/25/2016 11:24 AM, Viktor Dukhovni wrote: > On Thu, Mar 24, 2016 at 07:12:43PM -0700, Jim Fenton wrote: > >> Not to distract from the STS discussion, but I thought I'd point out >> another approach to SMTP TLS 'encouragement' that I submitted a few >> weeks ago: draft-fenton-smtp-require-tls-0

Re: [Uta] New proposal: SMTP Strict Transport Security

2016-03-25 Thread Chris Newman
On March 23, 2016 at 18:45:45, Daniel Margolis (dmargo...@google.com) wrote: Hey, Of course we reviewed DEEP during the drafting process, but as you say, the targets are slightly different. I've responded to some individual points inline; in summary, though, I think you raise some actionable p

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Viktor Dukhovni
On Fri, Mar 25, 2016 at 12:35:02PM -0700, Jim Fenton wrote: > > If the entire goal is to ensure the integrity of the RFC 6125 > > "reference identifier" used to authenticate the nexthop SMTP > > server, then it is perhaps a good idea to say so explicitly. > > The primary purpose was i

Re: [Uta] New proposal: SMTP Strict Transport Security

2016-03-25 Thread Chris Newman
On March 24, 2016 at 2:16:27, Mark Risher (ris...@google.com) wrote: Hi, Chris: Thanks for the comments. 1. I personally dislike using DNS records for any of this proposal. I believe SMTP security policy is best communicated within SMTP as this minimizes attack surface, eliminates the need for

Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

2016-03-25 Thread Chris Newman
On March 24, 2016 at 12:42:07, Jim Fenton (fen...@bluepopcorn.net) wrote: Not to distract from the STS discussion, but I thought I'd point out another approach to SMTP TLS 'encouragement' that I submitted a few weeks ago: draft-fenton-smtp-require-tls-01. There has been some discussion of this

Re: [Uta] New proposal: SMTP Strict Transport Security

2016-03-25 Thread Chris Newman
On March 25, 2016 at 15:15:22, Mark Risher (ris...@google.com) wrote: The discussion around whether to include a timeout in DEEP was basically to ask the question: Should a domain that makes a commitment to be secure be allowed to revoke that commitment? The rough consensus in the face-to-face m