one anyhow, just in a different place. Using untrusted cert is not
>a feature, but an important security issue that needs to be fixed either
>through DANE or PKIX.
thanks,
-binu
From: Aaron Zauner
To: Binu Ramakrishnan
Cc: Mark Risher; "uta@ietf.org"; Orit Levin (CELA);
>> However this does bring up a good point - if I want to support STS *and*
>> DANE as a receiver, and have a homogeneous MX/MTA setup, i.e. not something
>> like the above, I would have to support the common subset of both
>> specifications, at least as far as MTA configuration is concerned, e.g.
Whether we use sub-domain or .well-known URL path to serve STS policies, I'm
not sure whether we can guarantee uniqueness with the resource. I think
sub-domains are better because it helps the Mail admins to control those
policies - means they can make updates to these endpoints without depending
DMARC is a mechanism to fight against mail related abuse (e.g. spam emails). And
for that matter it is sufficient to keep DMARC/DKIM/SPF records in DNS. In the
case of STS, the threats we are considering are quite different from DMARC. It
is because of the same reason we are not sticking policy in
Victor,
We appreciate your time and effort reviewing our draft. Lately we had some
discussions related to policy cache and refresh in GitHub. One proposal was not
to depend on DNS beyond initial discovery. We have some flow diagrams (#72) in
the below links that provide some insights to what I'm
This should be a
separate report different from our regular violation report - basically to
report control plane issues.
==
thanks,
-binu
From: Viktor Dukhovni
To: uta@ietf.org
Sent: Thursday, 11 August 2016 4:17 PM
Subject: Re: [Uta] review of mta-sts-01
On Thu, Aug 11, 2016 at 12:02:18AM +, Binu Ramakrishnan wrote:
> > Keep in mind that polling for fresh policy (synchronous or not)
> > will only happen as part of a mail delivery to the destination
> > domain. A quick DNS lookup as part of each delivery works just
> > fine. It is f
IMO the main hurdle with key-value format is that we do not have a standard
format, and by extension off-the-shelf library support. So the question is -
whether to write custom kv parsers or use a standard format - JSON.
Thanks,
-binu
From: Daniel Margolis
To: uta@ietf.org
Sent: Sunday,
iktor Dukhovni
To: uta@ietf.org
Sent: Monday, 24 April 2017 3:49 PM
Subject: Re: [Uta] smtp-sts-04 JSON
> On Apr 24, 2017, at 6:34 PM, Binu Ramakrishnan wrote:
>
> IMO the main hurdle with key-value format is that we do not have a standard
> format, and by extension off-
Margolis
To: uta@ietf.org; Binu Ramakrishnan
Sent: Sunday, 20 August 2017 10:24 AM
Subject: 302 redirects (was "MTA-STS and HTTP cache control")
So, the motivation for this was simplification: if you allow 302s, you have to
specify a bit more clearly what the behavior is for thi
One advantage of using a sub-domain is the ability to delegate STS policy
serving (and mail hosting) to a 3rd party service provider.
Thanks,
-binu
From: Ayke van Laethem
To: uta@ietf.org
Sent: Friday, 15 September 2017 1:02 PM
Subject: [Uta] Rationale for mts-sts.
Hi,
I was wonderi
-- Forwarded message --
From: Binu Ramakrishnan
Date: Fri, Sep 29, 2017 at 9:52 AM
Subject: Re: [Uta] Updated MTA-STS & TLSRPT
To: Daniel Margolis
Cc: Leif Johansson, uta@ietf.org, Nicolas Lidzborski
IMO, whether to support 30x redirects or just depend on reverse-p
8:59:58PM +0000, Binu Ramakrishnan wrote:
> IMO, whether to support 30x redirects or just depend on reverse-proxy
> mechanism is a question of preference. Though both can satisfy policy
> delegation, I would prefer the latter because, as an MTA-STS implementor,
> I do not need write addi
My preference would be not to cache the policy by the reverse-proxy. Like Dan
said, the provider can handle more traffic than the proxy, hence I think
caching is not a requirement. Provider may set appropriate Cache-Control HTTP
header to prevent caching
Example: Cache-Control: no-cache, no-store
> More importantly, I think MTA-STS should
> mandate SNI usage. I believe you
> are referring to HTTPS MTA-STS policy distribution service, and do not see any
> reason not to include SNI requirements in the spec.
On Friday, October 13, 2017, 8:19 AM, Ivan Rist
Thank you Mirja.
'rua' is defined in Section 3 (Reporting Policy). Would that be sufficient?
In fact "Aggregate report URI" is borrowed from DMARC.
-binu
On Wed, Apr 18, 2018 at 6:09 AM, Mirja Kühlewind
wrote:
> Mirja Kühlewind has entered the following ballot position for
> draft-ietf-uta-smt
Confirmed, and updated the doc with the RFC reference.
On Mon, Apr 16, 2018 at 11:39 AM, Viktor Dukhovni
wrote:
>
>
> > On Apr 16, 2018, at 2:24 PM, Warren Kumari wrote:
> >
> >> Strings in TXT records have a single-octet length field. When returning
> a longer
> >> string, or when one wants t