REQUIRETLS: amplify docs discussion
diff --git
a/doc/doc-txt/experimental-spec.txt
b/doc/doc-txt/experimental-spec.txt
index 43f14237bc502097d9dae4ab7ae7ddf6e3494c8d..1bc5d027580814e91753486b4ed3326bca8ae79f 100644
(file)
--- a/
doc/doc-txt/experimental-spec.txt
+++ b/
doc/doc-txt/experimental-spec.txt
@@
-881,12
+881,15
@@
The Exim implementation includes
Differences from spec:
- we support upgrading the requirement for REQUIRETLS, including adding
Differences from spec:
- we support upgrading the requirement for REQUIRETLS, including adding
- it from cold, within
g
an MTA. The spec only define the sourcing MUA
+ it from cold, within an MTA. The spec only define the sourcing MUA
as being able to source the requirement, and makes no mention of upgrade.
- No support is coded for the RequireTLS header (which can be used
as being able to source the requirement, and makes no mention of upgrade.
- No support is coded for the RequireTLS header (which can be used
- to annul DANE and/or STS policiy). [can this be done in ACL?]
+ to annul DANE and/or STS policiy). [this can _almost_ be done in
+ transport option expansions, but not quite: it requires tha DANE-present
+ but STARTTLS-failing targets fallback to cleartext, which current DANE
+ coding specifically blocks]
-Note that REQUIRETLS is only advertised once a TLS connection is ach
ei
ved
+Note that REQUIRETLS is only advertised once a TLS connection is ach
ie
ved
(in contrast to STARTTLS). If you want to check the advertising, do something
like "swaks -s 127.0.0.1 -tls -q HELO".
(in contrast to STARTTLS). If you want to check the advertising, do something
like "swaks -s 127.0.0.1 -tls -q HELO".
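Review bot: the rewritten bracketed note on the RequireTLS header (the added lines beginning "to annul DANE and/or STS policiy") carries spelling errors into the spec text: "policiy" is kept from the removed line and "tha DANE-present" is new. Suggest "policy" and "that", and "fall back" as the verb in "targets fallback to cleartext". The re-added line "it from cold, within an MTA. The spec only define the sourcing MUA" could take "defines" in the same pass, since this commit already fixes "acheived" further down. The note now records a real limitation (the header cannot be honoured because current DANE coding blocks cleartext fallback for DANE-present, STARTTLS-failing targets), so it would read better as a plain statement under "Differences from spec" than as a bracketed aside, which a reader may still take for an open question.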