Re: [Uta] Updated drafts for MTA-STS & TLSRPT
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 24 February 2017 21:43 UTC
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
Date: Fri, 24 Feb 2017 16:43:23 -0500
To: uta@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/sOxxo0a3JG53e5gLlSi1V1Xuyb0>
> On Feb 24, 2017, at 3:33 PM, David Illsley <davidillsley@gmail.com> wrote:
>
> I think I agree with where you've got to, but I do want to clarify
> that I think it's important that a shorter refresh period doesn't
> shorten the policy expiry - we want a 6 month policy to be cached
> and relied on for 6 months, even if, for most of that 6 months an
> attacker is blocking a more frequent DNS policy check.

That's a given, modulo local policy on the sending side that might set a
lower ceiling on the length of time for which policies are allowed to be
cached. Remote systems should not be able to force cache storage
indefinitely. The effective cache lifetime will be the lower of the
remotely requested lifetime and the local policy ceiling.

Refresh failure with periodic probing does not invalidate already cached
unexpired data.

If you feel this needs to be said explicitly, that's OK. It seemed pretty
obvious to me.

--
	Viktor.
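As an added illustration of the caching rules described in the reply above (example code, not from the thread or from any MTA-STS implementation), the following Python models a sender-side policy cache: the effective lifetime is the lower of the remotely requested max_age and a local ceiling, and a failed periodic probe leaves already cached, unexpired data in place. The domain name, the six-month value, the one-year local ceiling and the daily probe interval are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SIX_MONTHS = 6 * 30 * 86400  # 15552000 s; constructed value for the demo


@dataclass
class CachedPolicy:
    domain: str
    max_age: int         # lifetime requested by the remote domain (seconds)
    fetched_at: float    # when the policy was last successfully fetched (epoch s)
    last_checked: float  # when a refresh was last attempted, success or not


class PolicyCache:
    """Sender-side cache: remote lifetime capped by local policy, probes never shorten it."""

    def __init__(self, local_ceiling: int, refresh_interval: int) -> None:
        self.local_ceiling = local_ceiling        # never cache longer than this (seconds)
        self.refresh_interval = refresh_interval  # how often to re-check the remote policy
        self.entries: Dict[str, CachedPolicy] = {}

    def effective_lifetime(self, entry: CachedPolicy) -> int:
        # The lower of the remotely requested lifetime and the local ceiling.
        return min(entry.max_age, self.local_ceiling)

    def is_valid(self, domain: str, now: float) -> bool:
        entry = self.entries.get(domain)
        return entry is not None and now < entry.fetched_at + self.effective_lifetime(entry)

    def maybe_refresh(self, domain: str, now: float,
                      fetch: Callable[[str], Optional[int]]) -> bool:
        """Periodic probe. fetch() returns the new max_age, or None on failure.
        A failure only records the attempt; unexpired cached data stays usable."""
        entry = self.entries.get(domain)
        if entry is not None and now - entry.last_checked < self.refresh_interval:
            return self.is_valid(domain, now)  # not yet due for a probe
        new_max_age = fetch(domain)
        if new_max_age is not None:
            self.entries[domain] = CachedPolicy(domain, new_max_age, now, now)
        elif entry is not None:
            entry.last_checked = now  # blocked/failed probe: keep existing policy
        return self.is_valid(domain, now)


def simulate_blocked_refresh(days_blocked: int) -> bool:
    """Fetch a 6-month policy once, then fail every daily probe for days_blocked days."""
    cache = PolicyCache(local_ceiling=365 * 86400, refresh_interval=86400)
    cache.maybe_refresh("example.com", 0.0, lambda d: SIX_MONTHS)
    for day in range(1, days_blocked + 1):
        cache.maybe_refresh("example.com", day * 86400.0, lambda d: None)
    return cache.is_valid("example.com", days_blocked * 86400.0)
```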