-
> The report is composed as a plain text file encoded in the JSON
> format ([RFC7159]).
Can we use I-JSON format instead? RFC 7493. I'd prefer if the report is encoded in UTF-8 rather than an…
-
The current draft has this to say about multiple TXT records for a single domain:
> If multiple TXT records for `_mta-sts` are returned by the resolver, records
> which do not begin with `v=STSv1;` …
-
Here is the DNS record for tlsrpt:
```
_smtp-tlsrpt.mail.example.com. IN TXT \
"v=TLSRPTv1;rua=mailto:reports@example.com"
```
Would it be a good idea if we can remove `_smtp-` prefix t…
-
Followup issue ticket on AD review of draft-ietf-uta-smtp-tlsrpt-04.txt
====
Section 7:
o Flooding of the Aggregate report URI (rua) endpoint: An attacker
could flood the endpoint a…
-
I've written a small (possibly buggy) testing tool for MTA-STS: https://github.com/aykevl/mta-sts.
While doing that, I found a few issues with the spec as it is. Some are things that I suspect are re…
-
It seems to me that instead of just a "success count", we should have something like:
starttls-successes
mta-sts-successes
tlsa-successes
or similar. Otherwise, how is a recipient to know how many s…
-
We aren't very clear about the MIME type for reporting POSTs (or should it be PUTs?). We probably should be.
-
When a policy fails and the mode is 'enforce', it seems that we should report the failure as well as fail.
An alternative is to have an 'enforce and report' mode.
-
The text is unclear on the interaction of policies that haven't been successfully applied yet and older policies that were successfully applied.
Example 1:
- One older STS policy in 'enforce' mode th…
-
Viktor D: need more info on TLS failures