[Starttls-everywhere-devs] STARTTLS call 3/7/19
Sydney
sydney at eff.org
Thu Mar 7 11:27:14 PST 2019
Sorry for the connection quality-- the issue's on my side!
Here's the full set of notes. Let me know if you have any questions
about anything in particular-- I'm going to ask the community folks to
open issues on the starttls-everywhere GH so we can all take a look.
==================
STARTTLS-E (2/21)
==================
starttls.party is up if you'd like to test against it!
* Improvements: hosting multiple smtpd instances on one box? Let me
know if you have ideas on how to do this.
* Triage
* Early adopter mode for starttls-policy-cli * [Sydney to review and
push to PyPI]
* Continuing work on consolidating testing phases [Vivian review]
* Automatic MTA-STS updates
* Issue regarding MTA-STS lookup on back-end
* Discussions:
* Statistics from initial scans
* Is there a reasonable way we can also measure sending MTA-STS support?
* Not objectively, unfortunately, though people are looking at incoming
TLSRPT to measure this, and we're also looking at how many open-source
mailservers roll out support. For instance, Courier did this past week:
https://sourceforge.net/p/courier/mailman/message/36539626/
* Flagging some proposals from community about securing some more DNS
lookups via list: onion mxs and "DANE supporters":
* Securing SRV record lookup for onion mailserver discovery
* There are a number of email hosting providers that support DANE. Some
mail domains that use these hosting providers, however, don't or can't
DNSSEC-sign their MX RRset. We could secure the MX lookup for those domains.
On 3/7/19 10:35 AM, Sydney wrote:
> Hello! STARTTLS-E call catch-up and sync today at 11AM :)
>
>
> https://meet.jit.si/AnxiousVulcansReckonIndifferently
>
>
> ==================
> STARTTLS-E (2/21)
> ==================
> starttls.party is up if you'd like to test against it!
> * Improvements: hosting multiple smtpd instances on one box?
>
> * Triage
> * Early adopter mode for starttls-policy-cli
> * Continuing work on consolidating testing phases
> * Automatic MTA-STS updates
> * Discussions:
> * Statistics from initial scans
> * Proposal from community: adding "DANE providers" to the list proposal
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/starttls-everywhere-devs/attachments/20190307/39aa4df6/attachment.sig>
More information about the Starttls-everywhere-devs
mailing list