EFF "STARTTLS Everywhere"


Max Mazurov

Dec 16, 2019, 12:46:08 PM
to chas...@googlegroups.com
Hello again, chasquid users and developers.

Stumbled upon this interesting thing today:
https://starttls-everywhere.org/policy-list/.

I believe it is important for MTA-STS-based MX authentication since MTA-STS has
a trade-off related to downgrade-resistance. This list, being similar to the
preload list for HSTS[1], can compensate for that. I think chasquid can gain
support for using this list as a secondary reference for TLS enforcement
status. chasquid is about security, right?

Btw, I am planning to implement support for it in maddy too[2] and will
publish a library for working with it (likely alongside the currently
internal maddy MTA-STS library), in case you are interested.

[1]: https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
[2]: https://github.com/foxcpp/maddy/issues/180

--
Cheers,
Max Mazurov
https://foxcpp.dev
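To make the "secondary reference" idea concrete: the sketch below is an added example written for this thread, not code from chasquid, maddy or the STARTTLS Everywhere project. It models a sender's policy lookup that consults a cached MTA-STS policy first and falls back to a preload-list entry when no valid policy is cached, which is precisely the first-contact window in which an on-path attacker can suppress the MTA-STS DNS record. The `PreloadList`/`PreloadEntry` types are a constructed simplification of the list's shape (consult the policy-list URL for the real schema), the sample entry for `example.net` is constructed, and the one-label wildcard rule follows RFC 8461 section 4.1; applying the same rule to preload entries is an assumption.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Mode is the effective TLS requirement for delivering to a destination domain.
type Mode int

const (
	ModeNone    Mode = iota // nothing known: opportunistic STARTTLS, cleartext fallback
	ModeTesting             // MTA-STS "testing": report failures but still deliver
	ModeEnforce             // authenticated TLS to a matching MX required, else defer
)

func (m Mode) String() string { return [...]string{"none", "testing", "enforce"}[m] }

// STSPolicy is a sender-side cache entry for an MTA-STS policy (RFC 8461).
// A nil *STSPolicy models first contact: no policy has ever been fetched.
type STSPolicy struct {
	Mode    string    // "enforce", "testing" or "none"
	MXs     []string  // "mx:" patterns, e.g. "mail.example.net" or "*.example.net"
	Expires time.Time // fetch time plus max_age
}

// PreloadEntry is one domain in a STARTTLS-Everywhere-style preload list.
// Constructed simplification of the real list format (assumption).
type PreloadEntry struct {
	Mode string   // "enforce" or "testing"
	MXs  []string // hostname patterns the domain's MX must match
}

// PreloadList is the whole list; a stale list must not be trusted.
type PreloadList struct {
	Expires  time.Time
	Policies map[string]PreloadEntry // keyed by lowercase recipient domain
}

// Decision is what delivery code acts on.
type Decision struct {
	Mode   Mode
	MXs    []string // patterns the chosen MX must satisfy when Mode is ModeEnforce
	Source string   // "mta-sts", "preload", or "" when nothing applies
}

// Resolve combines a (possibly missing) cached MTA-STS policy with the preload
// list. A valid, unexpired MTA-STS policy is authoritative because it was
// fetched over authenticated HTTPS; the list only fills the gap on first
// contact or after the cached policy has expired.
func Resolve(domain string, sts *STSPolicy, list *PreloadList, now time.Time) Decision {
	domain = strings.ToLower(strings.TrimSuffix(domain, "."))

	if sts != nil && now.Before(sts.Expires) {
		switch sts.Mode {
		case "enforce":
			return Decision{Mode: ModeEnforce, MXs: sts.MXs, Source: "mta-sts"}
		case "testing":
			return Decision{Mode: ModeTesting, MXs: sts.MXs, Source: "mta-sts"}
		case "none":
			// Explicit opt-out by the domain owner; the list does not override it.
			return Decision{Mode: ModeNone, Source: "mta-sts"}
		}
	}

	if list != nil && now.Before(list.Expires) {
		if e, ok := list.Policies[domain]; ok {
			switch e.Mode {
			case "enforce":
				return Decision{Mode: ModeEnforce, MXs: e.MXs, Source: "preload"}
			case "testing":
				return Decision{Mode: ModeTesting, MXs: e.MXs, Source: "preload"}
			}
		}
	}
	return Decision{Mode: ModeNone}
}

// MXAllowed reports whether an MX hostname satisfies one of the patterns.
// "*.example.net" matches exactly one extra label (RFC 8461 section 4.1).
func MXAllowed(mx string, patterns []string) bool {
	mx = strings.ToLower(strings.TrimSuffix(mx, "."))
	for _, p := range patterns {
		p = strings.ToLower(strings.TrimSuffix(p, "."))
		if strings.HasPrefix(p, "*.") {
			suffix := p[1:] // ".example.net"
			head := strings.TrimSuffix(mx, suffix)
			if head != mx && head != "" && !strings.Contains(head, ".") {
				return true
			}
			continue
		}
		if mx == p {
			return true
		}
	}
	return false
}

func main() {
	now := time.Date(2019, 12, 16, 12, 0, 0, 0, time.UTC)
	list := &PreloadList{ // constructed sample list
		Expires:  now.Add(30 * 24 * time.Hour),
		Policies: map[string]PreloadEntry{"example.net": {Mode: "enforce", MXs: []string{"*.mx.example.net"}}},
	}
	d := Resolve("Example.NET", nil, list, now) // first contact: list decides
	fmt.Println(d.Source, d.Mode, MXAllowed("mx1.mx.example.net", d.MXs), MXAllowed("a.b.mx.example.net", d.MXs))
}
```

Precedence on conflict (an MTA-STS `none` against a preload `enforce`) is a design choice the thread does not settle; the sketch lets the domain's own authenticated policy win, and a real implementation would also need to cache the list with its own expiry and refresh it out of band.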

Alberto Bertogli

Dec 16, 2019, 3:05:24 PM
to Max Mazurov, chas...@googlegroups.com
On Mon, Dec 16, 2019 at 05:46:05PM +0000, Max Mazurov wrote:
>Hello again, chasquid users and developers.
>
>Stumbled upon this interesting thing today:
>https://starttls-everywhere.org/policy-list/.
>
>I believe it is important for MTA-STS-based MX authentication since MTA-STS has
>a trade-off related to downgrade-resistance. This list, being similar to the
>preload list for HSTS[1], can compensate for that. I think chasquid can gain
>support for using this list as a secondary reference for TLS enforcement
>status. chasquid is about security, right?

Thanks for bringing this up.

I've seen the list before but it was fairly small and with a somewhat
uncertain future back then; I'm glad to see it has grown significantly
since then!

I'll probably add support for it in chasquid in the near future (maybe
during the holidays, if we get bad weather ;).


>Btw, I am planning to implement support for it in maddy too[2] and will
>publish a library for working with it (likely alongside the currently
>internal maddy MTA-STS library), in case you are interested.

Sounds great, I'll definitely check it out to try to avoid duplication
of effort, or at the very least do some cross-checking in terms of
implementation.


Thanks a lot!
Alberto
