[Starttls-everywhere-devs] STARTTLS call 3/7/19

Sydney sydney at eff.org
Thu Mar 7 11:27:14 PST 2019 

Sorry for the connection quality-- the issue's on my side!

Here's the full set of notes. Let me know if you have any questions
about anything in particular-- I'm going to ask the community folks to
open issues on the starttls-everywhere GH so we can all take a look.

==================
STARTTLS-E (2/21)
==================
starttls.party is up if you'd like to test against it!
 * Improvements: hosting multiple smtpd instances on one box? Let me
know if you have ideas on how to do this.

 * Triage
   * Early adopter mode for starttls-policy-cli 	* [Sydney to review and
push to PyPI]
   * Continuing work on consolidating testing phases [Vivian review]
   * Automatic MTA-STS updates
	* Issue regarding MTA-STS lookup on back-end
 * Discussions:
   * Statistics from initial scans
   * Is there a reasonable way we can also measure sending MTA-STS support?
	* Not objectively, unfortunately, though people are looking at incoming
TLSRPT to measure this, and we're also looking at how many open-source
mailservers roll out support. For instance, Courier did this past week:
https://sourceforge.net/p/courier/mailman/message/36539626/
   * Flagging some proposals from community about securing some more DNS
lookups via list: onion mxs and "DANE supporters":
	* Securing SRV record lookup for onion mailserver discovery
	* There are a number of email hosting providers that support DANE. Some
mail domains that use these hosting providers, however, don't or can't
DNSSEC-sign their MX RRset. We could secure the MX lookup for those domains.


On 3/7/19 10:35 AM, Sydney wrote:
> Hello! STARTTLS-E call catch-up and sync today at 11AM :)
> 
> 
> https://meet.jit.si/AnxiousVulcansReckonIndifferently
> 
> 
> ==================
> STARTTLS-E (2/21)
> ==================
> starttls.party is up if you'd like to test against it!
>  * Improvements: hosting multiple smtpd instances on one box?
> 
>  * Triage
>    * Early adopter mode for starttls-policy-cli
>    * Continuing work on consolidating testing phases
>    * Automatic MTA-STS updates
>  * Discussions:
>    * Statistics from initial scans
>    * Proposal from community: adding "DANE providers" to the list proposal
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/starttls-everywhere-devs/attachments/20190307/39aa4df6/attachment.sig>

More information about the Starttls-everywhere-devs mailing list