Someone is attempting to deploy a commit to the Security Alliance Team on Vercel. A member of the Team first needs to authorize it. |
|
Thanks also for this contribution @gunnim ;)! As said in the PR about More context and instructions for DNSSEC and CAA sections, while the steward of the Domain and DNS Security, @Raiders0786, reviews the content added, I need to ask you to follow this guide about how to sign unverified commits as this PR can't be merged if all the commits are not verified. The guide assumes that the user following it has a signing key. Thanks again:) |
c98122f to
72b713c
Compare
|
I've commented feedback and changes above—are you able to see them @gunnim ? |
|
Can't see the comments here too @Raiders0786 |
|
not sure what's the problem, i can see the comments on my end.. i commented this on Line 197: Hey, solid work on this @gunnim! The MTA-STS → TLS-RPT flow is accurate, and I especially like the RFC8460 citation addressing the report delivery concern. Quick notes: Should we also consider adding a note about max_age tuning during testing vs. production? Overall, this is useful and technically correct - it just needs minor polish. |
|
I still don't see any comment made by Raider's in the latest PRs, not by email nor by github. Can you show me where you made them @Raiders0786? I want to understand what's going on. Are you sure you're not replying via email directly to the author instead of directly in the thread? |
|
here you go.. it says "pending", is that the reason? Not sure why it shows like that though @mattaereal
|
| - All MX servers must support TLS with valid certificates | ||
| - Monitor policy file availability - if unreachable, mail delivery may fail in enforce mode | ||
|
|
||
| #### TLS-RPT |
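Review bot: The bullet "Monitor policy file availability - if unreachable, mail delivery may fail in enforce mode" reads as if an unreachable policy file breaks delivery by itself. Under RFC 8461 a sender that cannot fetch the policy keeps applying its unexpired cached copy, and delivers as if MTA-STS were not deployed when it has nothing cached. Suggest naming the actual risk: senders stuck on a stale cached enforce policy that no longer matches the current MX records or certificates, which is also a good place to tie in max_age.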
Hey, solid work on this @gunnim!
The MTA-STS → TLS-RPT flow is accurate, and I especially like the RFC8460 citation addressing the report delivery concern.
Quick notes:
- Should we also consider adding a note about `max_age` tuning during testing vs. production?
- Might be worth mentioning MX record alignment with policy
- The example could clarify that fallback only happens in testing mode, as if deployed on enforce mode = hard fail
Optional but nice to have: verification commands (dig, curl) and mention of report parsing tools since TLS-RPT comes as JSON.
Overall, this is useful and technically correct - it just needs minor polish.
Good stuff, thanks for the contributions 👍
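On the point in the review above that TLS-RPT reports arrive as JSON, here is an added example (not part of the PR or the framework's content): a small Python summarizer using the RFC 8460 report field names. The sample report, its domain names and its counts are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample report using RFC 8460 field names; every value is made up.
SAMPLE_REPORT = json.dumps({
    "organization-name": "Example Sender", "report-id": "constructed-0001",
    "date-range": {"start-datetime": "2024-01-01T00:00:00Z",
                   "end-datetime": "2024-01-01T23:59:59Z"},
    "policies": [{
        "policy": {"policy-type": "sts", "policy-domain": "example.com",
                   "policy-string": ["version: STSv1", "mode: testing",
                                     "mx: mx1.example.com", "max_age: 86400"]},
        "summary": {"total-successful-session-count": 120,
                    "total-failure-session-count": 5},
        "failure-details": [
            {"result-type": "certificate-expired", "failed-session-count": 3,
             "receiving-mx-hostname": "mx2.example.com"},
            {"result-type": "certificate-host-mismatch", "failed-session-count": 2,
             "receiving-mx-hostname": "mx1.example.com"}],
    }],
})


def summarize_tlsrpt(raw):
    """Return one summary dict per policy found in a TLS-RPT JSON report."""
    out = []
    for entry in json.loads(raw).get("policies", []):
        policy, summary = entry.get("policy", {}), entry.get("summary", {})
        # policy-string echoes the MTA-STS policy lines the sender applied.
        mode = next((line.split(":", 1)[1].strip()
                     for line in policy.get("policy-string", [])
                     if line.lower().startswith("mode:")), None)
        failures = Counter()
        for d in entry.get("failure-details") or []:
            key = (d.get("result-type", "unknown"),
                   d.get("receiving-mx-hostname", "unknown"))
            failures[key] += int(d.get("failed-session-count", 0))
        failed = int(summary.get("total-failure-session-count", 0))
        out.append({"domain": policy.get("policy-domain"), "mode": mode,
                    "ok": int(summary.get("total-successful-session-count", 0)),
                    "failed": failed, "failures": dict(failures),
                    # Under enforce, a failed session was refused, not downgraded.
                    "blocking": mode == "enforce" and failed > 0})
    return out


if __name__ == "__main__":
    for row in summarize_tlsrpt(SAMPLE_REPORT):
        print(row)
```

Real reports are usually delivered gzip-compressed, so decompress them before passing the text to `summarize_tlsrpt`.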
|
Previously it didn't use to show "submit review"; I guess now that I'm added to the frameworks I'm able to comment and submit the review properly, it seems |

Added section on TLS-RPT
@Raiders0786