[Uta] Smallest practical MTA-STS maximum policy age?

Ivan Ristic <ivan.ristic@gmail.com> Tue, 19 May 2020 08:10 UTC

I've been hearing anecdotal evidence that email providers don't accept
small values for the maximum policy age in MTA-STS, for example anything
smaller than a day. I searched around and I found a few articles saying
things to that effect, but nothing specific.

Does anyone here have experience with this sort of thing? What should we
(Hardenize) advise users to use as the smallest maximum policy age?

Thanks!

-- 
Ivan