At present, STS doesn't impose any restrictions on the quality of the TLS connection. Historically, new RFCs and protocols have been the only opportunity to enforce better security. For comparison, HTTP/2 introduced a requirement to use TLS 1.2 and suites with forward security and authenticated encryption.
I think something similar should be done with MTA-STS. In particular, forward security strikes me as extremely important; however, the HTTP/2 approach seems sound overall.

-- Ivan
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
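As an added example (not part of this thread or of any MTA-STS implementation), the following Python sketch shows what an HTTP/2-style "connection quality" requirement would look like if applied to SMTP TLS sessions: a minimum protocol version, a forward-secure key exchange, and an AEAD cipher. The connection records, peer names and the name-based cipher-suite classification are assumptions for illustration; a deployed check would take the negotiated parameters from the TLS library rather than parse suite names, and HTTP/2 itself expresses the rule as an explicit cipher-suite blacklist rather than the pattern match used here.

```python
"""
Policy check for TLS "connection quality", modelled on the HTTP/2 requirements
(TLS 1.2 minimum, ephemeral key exchange, AEAD ciphers).

Added example, not code from the Uta thread. The Connection record shape, the
sample peers and the name-based classification are assumptions.
"""
from dataclasses import dataclass

# Higher number = newer protocol. Anything below MIN_VERSION fails.
TLS_VERSION_ORDER = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
MIN_VERSION = "TLSv1.2"

# Key-exchange prefixes in IANA suite names that give forward secrecy.
FORWARD_SECURE_KX = ("ECDHE", "DHE")
# Substrings that identify AEAD bulk ciphers in IANA suite names.
AEAD_MARKERS = ("GCM", "CHACHA20_POLY1305", "CCM")


@dataclass
class Connection:
    peer: str
    version: str
    cipher: str  # IANA-style suite name, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256


def is_forward_secure(cipher: str, version: str) -> bool:
    """TLS 1.3 suite names omit the key exchange; every TLS 1.3 handshake is (EC)DHE."""
    if version == "TLSv1.3":
        return True
    return any(cipher.startswith(f"TLS_{kx}_") for kx in FORWARD_SECURE_KX)


def is_aead(cipher: str) -> bool:
    return any(marker in cipher for marker in AEAD_MARKERS)


def evaluate(conn: Connection) -> list[str]:
    """Return the list of policy violations; an empty list means the session passes."""
    problems = []
    if TLS_VERSION_ORDER.get(conn.version, -1) < TLS_VERSION_ORDER[MIN_VERSION]:
        problems.append(f"protocol {conn.version} below minimum {MIN_VERSION}")
    if not is_forward_secure(conn.cipher, conn.version):
        problems.append("key exchange is not forward secure")
    if not is_aead(conn.cipher):
        problems.append("cipher is not AEAD")
    return problems


# Constructed sample sessions (hypothetical peers), covering pass and fail cases.
SAMPLE_CONNECTIONS = [
    Connection("mx1.example.net", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    Connection("mx2.example.net", "TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    Connection("mx3.example.net", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    Connection("mx4.example.net", "TLSv1.1", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"),
    Connection("mx5.example.net", "TLSv1.2", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
]


def audit(connections: list[Connection]) -> dict[str, list[str]]:
    """Map each peer to its violations, for reporting or for refusing delivery."""
    return {c.peer: evaluate(c) for c in connections}


if __name__ == "__main__":
    for peer, problems in audit(SAMPLE_CONNECTIONS).items():
        status = "OK" if not problems else "FAIL: " + "; ".join(problems)
        print(f"{peer:20s} {status}")
```

Running it prints one line per sample peer; only mx1, mx3 and mx5 satisfy all three requirements, while mx2 fails on both key exchange and cipher and mx4 fails on protocol version and cipher.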