Re: [Uta] REQUIRETLS update

2016-12-07 Thread Rolf E. Sonneveld
>> - Some ambiguity about when the REQUIRETLS extension should be
>> advertised. The draft had assumed that it would be advertised on any
>> EHLO response, even before STARTTLS had occurred.
>
> Doesn't that open up a denial of service vulnerability, where an attacker
> can make a client incorrect

Re: [Uta] Questions about MTA STS complexity

2016-12-14 Thread Rolf E. Sonneveld
On 14-12-16 21:38, Viktor Dukhovni wrote: On Dec 14, 2016, at 3:20 PM, Alberto Bertogli wrote: As I see it, going HTTPS-only now in the interest of increasing adoption and aiming at making it easier to extend the policy in the future is a better tradeoff than going with DNS now and having to t

Re: [Uta] adopt draft-fenton-smtp-require-tls-03 as WG document

2017-07-22 Thread Rolf E. Sonneveld
Hi, Jim, On 21-07-17 12:56, Leif Johansson wrote: There was clear consensus in Praha to adopt draft-fenton-smtp-require-tls-03 as a WG document (draft-ietf-uta-smtp-require-tls-00). If anyone objects to that, now is the time to speak up. no objection! Just wanted to send my review of -03 here

Re: [Uta] I-D Action: draft-ietf-uta-mta-sts-20.txt

2018-06-08 Thread Rolf E. Sonneveld
We can always blame the NSA for this ;-) On 06-06-18 18:58, Alexey Melnikov wrote: Hi James, On 06/06/2018 17:48, James Cloos wrote: Was the s/https/http/g in the boilerplate intentional? The boilerplate is generated by a tool, so it is not under control of document editors. I can ask the

Re: [Uta] RequireTLS: Revised text on message origination

2019-04-15 Thread Rolf E. Sonneveld
Hi, Jim, On 12-04-19 21:44, Jim Fenton wrote: One of the significant discussions at the Prague meeting (and originally resulting from IESG comments) was that the Section 6, "Mailing list considerations" was incomplete because it didn't consider other causes of origination such as Sieve and v