Hi,

> On 13 Apr 2016, at 14:48, Daniel Margolis <dmargo...@google.com> wrote:
>
> What's the complexity you're worried about? Is it mainly that there's another
> switch to flip incorrectly (i.e. inadvertent misconfiguration, at a greater
> risk due to the presence of more configurations) or the risk of malicious DoS?
>
> I think Stephen laid out the trade-offs fairly well. I can see the argument
> for telling recipients that if they already publish a DANE record they're
> probably fine and shouldn't really need an STS policy as well. But a "must"
> seems less helpful to me here; senders who have some external limitation that
> prevents them from implementing DNSSEC then must not implement STS? I'd be
> worried that some larger deployments might have trouble with that.

I understood this as: First check for DNSSEC/DANE; if there are no records available, try STS. But do not do both. Which is entirely reasonable given the added complexity and attack vector. You really do not want to validate via two to three different protocols/solutions.

Aaron
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta