mrisher / smtp-sts

SMTP Strict Transport Security

Clarify the behavior of policies before they are "successfully validated" #110

Closed lbaudoin closed 8 years ago

lbaudoin commented 8 years ago

The text is unclear on the interaction of policies that haven't been successfully applied yet and older policies that were successfully applied.

Example 1:

Does it mean that the sender should:

  1. Filter the MX list using the newer policy, try to send:
  2. If successful mark the policy as successfully applied, done.
  3. If it fails:
    • does it send a report?
    • does it restart from step 1 using the older but validated policy?

Example 2: Now if the old policy is 'enforce' and has been successfully validated and the new policy is 'report', on a failure with the new policy do we send the message anyway or do we restart with the older 'enforce' policy and potentially fail to send the message?

danmarg commented 8 years ago

I believe this is now more clear.

o If a new, unvalidated policy exists, attempt to deliver in compliance with this policy. If this attempt succeeds or the new policy mode is "report", mark the policy as "validated" and remove the previously cached policy.

o If a new, unvalidated policy with mode set to "enforce" was attempted and failed to validate, deliver the message in compliance with the old, previously cached policy, and consider this a policy validation failure (for the purposes of TLSRPT (TODO: add reference)).

Example 1:

Yes and yes; it sends a report and delivery is attempted instead with the old policy (i.e. from step 1, as you say).

Example 2:

A new policy with mode = report always is accepted as "validated" regardless of success.

Please reopen if you think the text is unclear or have a suggestion to help clarify. :)
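
The selection logic described in the reply above, as an added sketch that is not part of the thread or the draft. `Policy`, `Outcome`, `apply_policies` and the `compliant_send` hook are hypothetical names; the sketch assumes a previously cached policy exists and that "report" mode never blocks delivery.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Policy:
    policy_id: str  # constructed label for the example, not a draft field
    mode: str       # "enforce" or "report"


@dataclass(frozen=True)
class Outcome:
    cached: Policy            # policy held as "validated" afterwards
    delivered: bool           # whether the message went out
    validation_failure: bool  # new policy failed to validate (TLSRPT input)


def apply_policies(new: Policy, old: Policy,
                   compliant_send: Callable[[Policy], bool]) -> Outcome:
    """new: fetched but unvalidated policy; old: cached, validated policy.

    compliant_send(p) is a hypothetical hook that returns True when a
    delivery complying with p (MX filtering, TLS checks) succeeded.
    """
    if compliant_send(new):
        # Success validates the new policy and replaces the cached one.
        return Outcome(cached=new, delivered=True, validation_failure=False)
    if new.mode == "report":
        # Accepted as validated regardless of success (Example 2).
        # Assumption: report mode does not block delivery.
        return Outcome(cached=new, delivered=True, validation_failure=False)
    # New "enforce" policy failed: keep the old policy, retry under it and
    # count a policy validation failure (Example 1).
    delivered = compliant_send(old) or old.mode == "report"
    return Outcome(cached=old, delivered=delivered, validation_failure=True)


if __name__ == "__main__":
    old = Policy("old", "enforce")
    fails_under_new = lambda p: p.policy_id != "new"  # constructed scenario
    print(apply_policies(Policy("new", "enforce"), old, fails_under_new))
    print(apply_policies(Policy("new", "report"), old, fails_under_new))
```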