
Implement MTA-STS
Open, Medium, Public

Description

Now that we're working on T203260, we should also look at implementing MTA-STS, which is in its final draft state right now (submitted to the IESG for publication). There are three parts to it:

  • Publishing a policy of our own. It's a bit more complicated than expected, requiring both a DNS record and an HTTPS endpoint in a predefined domain name (mta-sts.wikimedia.org) and URL (/.well-known/mta-sts.txt), but it's probably a day or two's worth of effort.
  • Getting reporting for TLS failures, especially if we originally deploy in testing mode. That's described separately in another draft RFC, TLSRPT, and has the same complexities as the DMARC reporter stuff, so it should probably be tackled together.
  • Obeying others' MTA-STS policies. That will likely need Exim support and is right now non-trivial. Exim's documentation says on the subject: "Exim has no support for MTA-STS as a client […]"

Event Timeline

faidon triaged this task as Medium priority. Sep 8 2018, 4:28 PM
faidon created this task.
Aklapper added a subscriber: herron.

Removing task assignee due to inactivity, as this open task has been assigned to the same person for more than two years (see the emails sent to the task assignee on Oct 27 and Nov 23). Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome.
(See https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips on how to best manage your individual work in Phabricator.)