But for later connections, it is essentially defining a caching of:
- a boolean flag that a trusted certificate is to be used
- a flag whether violations are to be reported to an endpoint obtained from untrusted DNS
- a maximum age of this "policy"
How is it superior to:
- just querying / dumping this policy as informational headers after STARTTLS (possibly guarded by a new EHLO feature)
- TLS TACK (https://tools.ietf.org/html/draft-perrin-tls-tack-00), which is kind of abandoned, but is an equivalent to HSTS, just at the correct layer
and how does it solve the problem that even if you have a policy defined, a MitM attacker can just redirect all policy reports with a very-long-lived _smtp._tls.example.com DNS record pointing to their own property or to nowhere?