Viktor Dukhovni wrote: > With SMTP, PKIX certificate verification is pointless without explicit > per-destination configuration: > > http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html#rfc.section.1.2 > > This is why I am working to implement and standardize SMTP with DANE TLS.
DANE itself does not help. It just shifts the trust anchor problem. DNSSEC secures the MX lookups. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature