* Ted Cooper:
DNSSEC just makes sure that the answers received in DNS lookups are
valid
Yes.
and came from the right place. Doesn't it?
No. The transport isn't secured at all. That's why the protocol is
so complex, and somewhat operationally challenging with current
software.
I would
On Tue, 2009-07-14 at 21:48 +0200, Mark Elkins wrote:
Is anyone looking at having Exim become DNSSEC aware - look at the AD
bit - stuff like that. Perhaps add the DNS Status as a mail header? - or
as a variable so that tests can be done?
The root gets signed by the end of the year.
just
On Wed, 2009-07-15 at 13:09 +1000, Ted Cooper wrote:
On Tue, 2009-07-14 at 21:48 +0200, Mark Elkins wrote:
Is anyone looking at having Exim become DNSSEC aware - look at the AD
bit - stuff like that. Perhaps add the DNS Status as a mail header? - or
as a variable so that tests can be done
On Wed, 2009-07-15 at 10:45 +0200, Mark Elkins wrote:
On Wed, 2009-07-15 at 13:09 +1000, Ted Cooper wrote:
On Tue, 2009-07-14 at 21:48 +0200, Mark Elkins wrote:
Is anyone looking at having Exim become DNSSEC aware - look at the AD
bit - stuff like that. Perhaps add the DNS Status
Ted Cooper wrote:
So I had a little bit of a browse around and it seems that Postfix and
Sendmail have DNSSEC support where they wont deliver outbound email to
fraudulently signed MX records which specify verification is required.
This is rather puzzling since I was under the impression that
Is anyone looking at having Exim become DNSSEC aware - look at the AD
bit - stuff like that. Perhaps add the DNS Status as a mail header? - or
as a variable so that tests can be done?
The root gets signed by the end of the year.
just thinking out aloud in key strokes