I would like the draft to be more clear in section 3.2

   If any of these checks fail, the client MUST disconnect from the
   server and treat this as a temporary failure.

   The client can now proceed to deliver mail securely.


Rather than assume that the preceding sentence will be treated as throwing
an exception, I think the last line needs to say 'If all the checks
succeed, the client can now proceed...'

The dufus implementation risk here is that someone writes code that checks
for DANE SMTP records and falls back to plain SMTP after a cert check fails.

No, I don't think that is a reasonable interpretation but having seen some
pretty idiotic stuff over the years, I think it needs to be called out more
clearly. One of the reasons we could not deploy S/MIME when phishing email
started to be a problem was that the chuckleheads at AOL responded to
signed email with a message box saying 'WARNING, THE MESSAGE YOU HAVE
RECEIVED IS SIGNED'. It was fixed later but the deployed base was
prohibitive.


On Thu, Dec 20, 2012 at 12:17 PM, Warren Kumari <[email protected]> wrote:

> Dear DANE Working Group,
>
> This starts a 4-week (because of time of year) consensus call on adopting
> draft-fanf-dane-smtp-04 as a DANE WG document.
>
> ----- DRAFT INFO ----
> Title           : Secure SMTP with TLS, DNSSEC and TLSA records.
> Author(s)       : Tony Finch
> Filename        : draft-fanf-dane-smtp-04.txt
>
> Abstract:
>    SMTP has a STARTTLS extension, but (especially in the case of inter-
>    domain mail transfer) it only provides very limited security because
>    it does not specify how to authenticate the server's certificate.
>    This memo specifies how TLSA records in the DNS can be used for
>    proper SMTP server authentication.
>
>
> Datatracker page: https://datatracker.ietf.org/doc/draft-fanf-dane-smtp/
> TXT URL: http://www.ietf.org/id/draft-fanf-dane-smtp-04.txt
> HTML URL:  http://tools.ietf.org/html/draft-fanf-dane-smtp-04
> PDF URL: http://tools.ietf.org/pdf/draft-fanf-dane-smtp-04.pdf
>
>
> Please read the document and state your opinions either for or against
> adoption (with reasoning why!) on the mailing list.
>
> We note that this document has already received a bunch of discussion
> onlist and in WG sessions.
>
> The call for adoption ends 20th January 2013.
>
> Thanks,
>      Ondrej and Warren.
>
> --
> Never criticize a man till you've walked a mile in his shoes.  Then if he
> didn't like what you've said, he's a mile away and barefoot.
>
>
>
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
>



-- 
Website: http://hallambaker.com/
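As an added example (not code from the draft, this mail, or any MTA), here is the control flow the mail asks section 3.2 to spell out: delivery only when every check succeeds, a temporary failure on any failure, beside the plaintext fallback it warns against. The check list and the DER placeholder bytes are assumptions; the TLSA selector and matching-type comparison follows RFC 6698.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    DELIVER_SECURELY = "deliver over authenticated TLS"
    TEMPFAIL = "disconnect, keep the message queued, retry later"
    DELIVER_PLAINTEXT = "deliver over plain SMTP (the downgrade bug)"

@dataclass(frozen=True)
class TLSARecord:
    selector: int       # RFC 6698: 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # RFC 6698: 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes

def tlsa_matches(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Does one TLSA record match the server's end-entity certificate?"""
    selected = {0: cert_der, 1: spki_der}.get(rec.selector)
    hasher = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
              2: lambda b: hashlib.sha512(b).digest()}.get(rec.matching_type)
    # An unknown selector or matching type is a non-match, never a pass.
    return selected is not None and hasher is not None and hasher(selected) == rec.data

def first_failed_check(tlsa_records, starttls_ok, cert_der, spki_der):
    """Assumed stand-ins for the draft's section 3.2 checks; None means all passed."""
    checks = [
        ("STARTTLS offered and TLS handshake completed", starttls_ok),
        ("certificate matches a TLSA record",
         any(tlsa_matches(r, cert_der, spki_der) for r in tlsa_records)),
    ]
    return next((name for name, ok in checks if not ok), None)

def decide_correct(tlsa_records, starttls_ok, cert_der, spki_der) -> Action:
    # Only if ALL checks succeed does delivery proceed; any failure is temporary.
    if first_failed_check(tlsa_records, starttls_ok, cert_der, spki_der) is None:
        return Action.DELIVER_SECURELY
    return Action.TEMPFAIL

def decide_downgrading(tlsa_records, starttls_ok, cert_der, spki_der) -> Action:
    # The implementation the mail warns about: a failed check is treated like
    # "no DANE at all" and the message goes out in the clear.
    if first_failed_check(tlsa_records, starttls_ok, cert_der, spki_der) is None:
        return Action.DELIVER_SECURELY
    return Action.DELIVER_PLAINTEXT

# Constructed sample input: placeholder bytes standing in for real DER encodings.
CERT_DER = b"constructed-end-entity-certificate-der"
SPKI_DER = b"constructed-subject-public-key-info-der"
GOOD_RECORD = TLSARecord(selector=1, matching_type=1, data=hashlib.sha256(SPKI_DER).digest())
STALE_RECORD = TLSARecord(selector=1, matching_type=1, data=hashlib.sha256(b"rotated").digest())
```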