James Cloos <[email protected]> wrote:
> Some comments:

Thanks!

> ,----
> | o If there is no TLSA record or its DNSSEC validation state is
> |   insecure or indeterminate, this protocol has not been fully
> |   deployed. The client SHOULD deliver to this server insecurely
> |   (which might be over unauthenticated TLS).
> `----
>
> In that case the target mta might offer a cert which the client mta can
> authenticate by some means other than dane (eg a pool in CApath or the
> like). So 'insecurely' is not the right adverb.

The reason it says "insecurely" here is explained in the first couple of
paragraphs in the introduction. Perhaps I should add a back-reference.

> ,----
> | A <Transmitted-line> SHALL include:
> |
> | o A <To-domain> clause describing the SMTP server. The <Domain>
> |   part of a <To-domain> SHALL be the same as the SMTP server host
> |   name.
> `----
>
> When would/could/should the To-domain not in its entirety match the string
> used for the A/AAAA and TLSA lookups?

They always match - that is what the text you quoted is supposed to mean.

> ,----
> | 6.1. "with" protocol types
> `----
>
> It seems odd that with is used for some auth but not all. Perhaps there
> should be a with keyword for tlsa, too?

Isn't that covered by RFC 3848? ESMTPSA and so forth.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
