On Wed, Mar 13, 2019 at 02:55:02PM -0700, Eric Rescorla wrote:
> On Wed, Mar 13, 2019 at 2:49 PM Viktor Dukhovni <ietf-d...@dukhovni.org>
> wrote:
>
> > > On Mar 13, 2019, at 5:13 PM, Eric Rescorla <e...@rtfm.com> wrote:
> > >
> > > Well, I think this field should only override the outgoing and not
> > incoming policies (or be removed).
> >
> > To be clear, let's imagine a company (say a bank) with the following TLS
> > policies (written roughly Postfix-style, but should be clear even to the
> > uninitiated):
> >
> > [...]
> >
> > I think you're saying that the company could allow its users to bypass
> > the locally-policy business partner domain rules, but must refuse to
> > allow users to exempt casual correspondence from DANE (or MTA-STS)
> > policy when published by the destination domain.

So:

   "I MAY allow MY users to trump MY policy"

   "I MUST NOT allow MY users to trump OTHERS' policy"

?

If my contractual relationship with my partners required me to enforce
their policies, I couldn't object to enforcing their rules.

If I don't have a contractual relationship with some domain, why should
I be required to enforce THEIR policy? As you've pointed out, I could
just publish my email to them in a newspaper ad.

Nico
--