Re: [Uta] Smallest practical MTA-STS maximum policy age?

"A. Schulze" <sca@andreasschulze.de> Sat, 23 May 2020 19:07 UTC

To: uta@ietf.org
References: <CANHgQ8H-xTuwMO8g9rZMTN2peb7=0x-1d7ZGzjoYeYskDQ=-+A@mail.gmail.com>
From: "A. Schulze" <sca@andreasschulze.de>
Message-ID: <8850ef7e-1c97-a6a8-b801-5ffa247af0b9@andreasschulze.de>
Date: Sat, 23 May 2020 21:07:06 +0200
MIME-Version: 1.0
In-Reply-To: <CANHgQ8H-xTuwMO8g9rZMTN2peb7=0x-1d7ZGzjoYeYskDQ=-+A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/YRGC4a6qbDrNoAcmTF4lCt3mepU>
Subject: Re: [Uta] Smallest practical MTA-STS maximum policy age?

On 19.05.20 at 10:10, Ivan Ristic wrote:
> I've been hearing anecdotal evidence that email providers don't accept small values for the maximum policy age in MTA-STS, for example anything smaller than a day. I searched around and I found a few articles saying things to that effect, but nothing specific.
> 
> Does anyone here have experience with this sort of thing? What should we (Hardenize) advise users to use as the smallest maximum policy age?

Hello Ivan,

I asked a similar question last year: https://mailarchive.ietf.org/arch/msg/uta/bnUjy9jxM_Va-lDXVtbB32zIkYI/
Currently I use ~ 3 days as "max-age" and receive reports from Google that don't let me think they have any problem with my setting.

Andreas
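An added example, not code from Andreas or anyone else in the thread: a small defender-side check that parses an RFC 8461 MTA-STS policy file (where the field is spelled `max_age`, in seconds) and flags a `max_age` below a chosen floor. The one-day floor, the sample policy and the hostname are constructed; the 259200-second value mirrors the ~3 days mentioned in the reply above.

```python
# Added example: parse an RFC 8461 MTA-STS policy file and lint its max_age.
# The 1-day floor is an operator choice taken from the thread, not RFC-mandated.
RFC_MAX_AGE_LIMIT = 31_557_600   # RFC 8461: max_age MUST NOT exceed about one year
ONE_DAY = 86_400
VALID_MODES = {"enforce", "testing", "none"}


def parse_policy(text: str) -> dict:
    """Parse 'key: value' lines (LF or CRLF) into a dict; reject malformed files."""
    fields, mx = {}, []
    for raw in text.replace("\r\n", "\n").split("\n"):
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            mx.append(value)         # mx may repeat; every other key may not
        elif key in fields:
            raise ValueError(f"duplicate field: {key}")
        else:
            fields[key] = value
    missing = {"version", "mode", "max_age"} - set(fields)
    if missing:
        raise ValueError(f"missing required field(s): {sorted(missing)}")
    if fields["version"] != "STSv1" or fields["mode"] not in VALID_MODES:
        raise ValueError("unsupported version or invalid mode")
    if not fields["max_age"].isdigit():
        raise ValueError("max_age must be a non-negative integer of seconds")
    max_age = int(fields["max_age"])
    if max_age > RFC_MAX_AGE_LIMIT:
        raise ValueError(f"max_age {max_age} exceeds the RFC 8461 one-year limit")
    if fields["mode"] != "none" and not mx:
        raise ValueError("enforce/testing policies need at least one mx entry")
    return {"version": fields["version"], "mode": fields["mode"], "max_age": max_age, "mx": mx}


def max_age_warnings(policy: dict, floor_days: float = 1.0) -> list:
    """Lint: warn when the cache lifetime is shorter than the operator's floor."""
    days = policy["max_age"] / ONE_DAY
    warnings = []
    if days < floor_days:
        warnings.append(f"max_age is {days:.2f} day(s), below the {floor_days}-day floor")
    return warnings


# Constructed sample: the ~3-day max_age from the reply, written as 259200 seconds.
SAMPLE_POLICY = "version: STSv1\r\nmode: enforce\r\nmx: mail.example.org\r\nmax_age: 259200\r\n"
```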