11 Jan
2019
11 Jan
'19
3:50 p.m.
11 Jan. 2019 г., 23:19 Mark Andrews <marka@isc.org>:
So STARTTLS strip is not a problem anymore?
If you deploy DANE (client and server sides) then stripping STARTTLS is ineffective for the target domain.
If you defer to send (and finally bounce) everything targeted at a domain that fails TLSA lookup, then fair enough. I don't think this is (and is going to be in the near future) the case for the dumpsterfire mailing list, but you may rightfully assume I haven't checked yet.
gmail.com hasn’t (server side at least).
Google folks are on this mailing list, so it's best if they speak for me (though I believe I pretry much know their reasoning). -- Töma