On Sat, May 23, 2020 at 09:07:06PM +0200, A. Schulze wrote:

> I asked a similar question last year:
> https://mailarchive.ietf.org/arch/msg/uta/bnUjy9jxM_Va-lDXVtbB32zIkYI/
> Currently I use ~ 3 days as "max-age" and receive reports from Google
> that don't let me think they have any problem with my setting.

Keep in mind that I expect implementations of MTA-STS to not refresh policy caches pre-expiration in the *absence* of traffic to the destination domain. So if any domain hosts users who in aggregate correspond with you less often than every 3 days, MTA-STS is completely ineffective at protecting that traffic against MiTM downgrades. Thus, my take is that MTA-STS policies with a max_age less than ~30 days are potentially ineffective, and perhaps not worth the bother.

-- 
Viktor.
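
Added example, not part of the original message: a small Python model of the sender-side cache behaviour the reply describes, showing which deliveries arrive with no unexpired cached policy for a 3-day versus a 30-day max_age. It assumes the sender fetches or refreshes the policy only when it has mail to deliver; the function names and the delivery schedule are constructed for illustration.

```python
DAY = 86400  # seconds


def exposed_deliveries(send_times, max_age):
    """Return the send times at which the sender held no unexpired policy.

    Model (assumption): the sender fetches the policy only when it has mail
    to deliver, and every delivery restarts the max_age timer. A delivery
    made with no valid cached policy depends on a fresh policy discovery,
    which is the step an active attacker can suppress.
    """
    exposed = []
    expiry = None  # nothing is cached before first contact
    for t in sorted(send_times):
        if expiry is None or t >= expiry:
            exposed.append(t)  # cache empty or expired at delivery time
        expiry = t + max_age   # policy fetched or refreshed on this delivery
    return exposed


# Constructed sample: days on which one sending domain delivers mail to us.
SEND_DAYS = [0, 2, 4, 9, 10, 38, 39, 75]
SEND_TIMES = [d * DAY for d in SEND_DAYS]


def exposed_days(max_age_days):
    """Days (from SEND_DAYS) on which delivery had no cached policy."""
    hits = exposed_deliveries(SEND_TIMES, max_age_days * DAY)
    return [t // DAY for t in hits]


if __name__ == "__main__":
    for days in (3, 30):
        print(f"max_age={days}d -> no cached policy on days {exposed_days(days)}")
```

With this schedule, every gap longer than max_age leaves the next delivery dependent on rediscovering the policy, so the short max_age exposes twice as many deliveries as the long one.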