author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-07-29 15:27:03 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-08-04 14:32:15 +0100 |
commit | f9d4bb1a2ae19edfcde680bebfeb8712e6f2a42a (patch) | |
tree | 9d12725cf4dd1473aa5508753f5779858a4d2103 | |
parent | 1bca4f5fc7d74ba4ec1ced72eef8b806ae2be989 (diff) |
REQUIRETLS: amplify docs discussion
-rw-r--r-- | doc/doc-txt/experimental-spec.txt | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 43f14237b..1bc5d0275 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -881,12 +881,15 @@ The Exim implementation includes Differences from spec: - we support upgrading the requirement for REQUIRETLS, including adding - it from cold, withing an MTA. The spec only define the sourcing MUA + it from cold, within an MTA. The spec only define the sourcing MUA as being able to source the requirement, and makes no mention of upgrade. - No support is coded for the RequireTLS header (which can be used - to annul DANE and/or STS policiy). [can this be done in ACL?] + to annul DANE and/or STS policiy). [this can _almost_ be done in + transport option expansions, but not quite: it requires tha DANE-present + but STARTTLS-failing targets fallback to cleartext, which current DANE + coding specifically blocks] -Note that REQUIRETLS is only advertised once a TLS connection is acheived +Note that REQUIRETLS is only advertised once a TLS connection is achieved (in contrast to STARTTLS). If you want to check the advertising, do something like "swaks -s 127.0.0.1 -tls -q HELO". |
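Review bot: The rewritten bracketed note in the second "Differences from spec" bullet introduces a new typo, "it requires tha DANE-present" (should be "that"), and the same added line still carries "policiy" for "policy". Since this commit is already correcting spelling ("withing", "acheived"), the remaining slips on the touched lines could be fixed in the same pass: "The spec only define" should read "only defines", and "targets fallback to cleartext" should use the verb form "fall back". The note would also be easier to act on if it named the transport options it has in mind, because "this can _almost_ be done in transport option expansions" gives a reader no place to start. Finally, it may be worth stating in the bullet that a message carrying the RequireTLS header is handled exactly as one without it, so an operator does not assume DANE or STS enforcement can be relaxed per message.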