Re: Last Call: SMTP Service Extension for Secure SMTP over TLS to Proposed Standard
> Idle speculation: Perhaps a compromise position would be to allow this
> sort of caching but to limit the period for which it may be
> used. E.g. the cache must expire in no more than 1 day. This would
> produce some bouncing but limit the scope of that bouncing. The
> advantage would be that the attacker would have to mount a concerted
> active attack over a period of a day.

I don't think this will fly. Any period of time during which valid mail will
be bounced is too long. Brief periods of time during which temporary failures
would result from a mismatch might be tolerable, but a day is too long.

I guess I'm of the opinion that such knowledge must be explicitly configured
if MTAs are going to fail if it is not accurate - MTAs should not be making
guesses.

Keith