On Thu, May 30, 2013 at 07:33:13AM -0400, Tom Ritter wrote:

> PKIX Validation + SMTP is all sorts of wonky.  I'm just throwing it out
> there ;)

Please, please, find ~10 free minutes and read the draft!

    https://tools.ietf.org/html/draft-dukhovni-smtp-opportunistic-tls-00

Then you will see that:

    - The existing public CA PKI and SMTP with MX indirection are incompatible.

    - The same likely applies to submission via SRV records.

    - DANE is well suited to securing both, via 2/3 TLSA RRs only.

and perhaps you can help to improve the draft.

Thanks.

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
